Vim Multiple Command-Execution Vulnerabilities

vendor:

Vim

by:

SecurityFocus

7.5

CVSS

HIGH

Command-Execution

CWE

Product Name: Vim

Affected Version From: Vim 7.1.298

Affected Version To: Other versions may also be affected.

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Vim Multiple Command-Execution Vulnerabilities

Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Mitigation:

Users should avoid using untrusted input when working with Vim.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/29715/info

Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.1.298 is vulnerable; other versions may also be affected.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32055.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31911-2.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31911-3.zip