MidnightBSD

Advisories for vim_development_group

CVE-2001-0408 MEDIUM

vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vim_development_group vim 5.7
CVE-2001-0409 LOW

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vim_development_group vim 5.7
CVE-2002-1377 MEDIUM

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vim_development_group vim 5.1
vim_development_group vim 6.0
vim_development_group vim 5.4
vim_development_group vim 5.5
vim_development_group vim 5.7
vim_development_group vim 5.8
vim_development_group vim 5.0
vim_development_group vim 5.2
vim_development_group vim 5.3
vim_development_group vim 5.6
vim_development_group vim 6.1
CVE-2004-1138 HIGH

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vim_development_group vim 6.2
vim_development_group vim 6.3.044
vim_development_group vim 5.4
vim_development_group vim 6.3.030
vim_development_group vim 5.3
vim_development_group vim 5.6
vim_development_group vim 6.1
vim_development_group vim 5.1
vim_development_group vim 6.0
vim_development_group vim 5.5
vim_development_group vim 6.3.011
vim_development_group vim 6.3.025
vim_development_group vim 5.7
vim_development_group vim 5.8
vim_development_group vim 5.0
vim_development_group vim 5.2
CVE-2005-0069 MEDIUM

The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vim_development_group vim 6.3.044
vim_development_group vim 6.3.011
vim_development_group vim 6.3.025
vim_development_group vim 6.3.030
CVE-2005-2368 HIGH

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
vim_development_group vim 6.3.044
vim_development_group vim 6.3.011
vim_development_group vim 6.3.025
vim_development_group vim 6.3
vim_development_group vim 6.3.030
vim_development_group vim 6.3.081