Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2004-1138
Last Modified 21 Aug 2010 12:21:54
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1138

Summary

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

Vulnerable Systems

Application

  • Vim Development Group Vim 5.0

  • Vim Development Group Vim 5.1

  • Vim Development Group Vim 5.2

  • Vim Development Group Vim 5.3

  • Vim Development Group Vim 5.4

  • Vim Development Group Vim 5.5

  • Vim Development Group Vim 5.6

  • Vim Development Group Vim 5.7

  • Vim Development Group Vim 5.8

  • Vim Development Group Vim 6.0

  • Vim Development Group Vim 6.1

  • Vim Development Group Vim 6.2

  • Vim Development Group Vim 6.3.011

  • Vim Development Group Vim 6.3.025

  • Vim Development Group Vim 6.3.030

  • Vim Development Group Vim 6.3.044


References

GENTOO - GLSA-200412-10

OPENPKG - OpenPKG-SA-2004.052

FEDORA - FLSA:2343

XF - vim-modeline-gain-privileges(18503)

REDHAT - RHSA-2005:036

REDHAT - RHSA-2005:010


Last Updated: 27 May 2016 10:38:54