Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability

Vim is susceptible to an arbitrary command execution vulnerability in its handling of ModeLines. This issue is due to insufficient sanitization of user-supplied input.

By modifying a text file to include ModeLines that contain the 'glob()' or 'expand()' functions with shell metacharacters, attackers may cause arbitrary commands to be executed.

This vulnerability allows an attacker to execute arbitrary commands with the privileges of the user running Vim. This gives an attacker the ability to gain remote access to computers running the vulnerable software.

This issue is similar to BIDs 6384 and 11941.
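
A defender can triage untrusted text files before they are opened by checking the lines Vim reads as ModeLines for calls to the two functions named above. The following Python sketch is an added example, not part of the original advisory or of Vim; the function names, the simplified modeline pattern and the constructed sample (with inert OPTION and PLACEHOLDER tokens) are assumptions made for illustration.

```python
import re

# Simplified modeline marker: "vi:", "vim:", "Vim:" or "ex:" preceded by
# start-of-line or whitespace. Vim's own parser accepts more variants.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<>=]?\d+)?|ex):\s*(.*)$")
# The two functions the advisory names.
RISKY_CALL_RE = re.compile(r"\b(glob|expand)\s*\(")
WINDOW = 5  # Vim's default 'modelines' value: lines checked at each end


def candidate_lines(lines, window=WINDOW):
    """Yield (1-based line number, text) for the lines Vim would scan."""
    n = len(lines)
    head = set(range(min(window, n)))
    tail = set(range(max(0, n - window), n))
    for i in sorted(head | tail):
        yield i + 1, lines[i]


def find_risky_modelines(text, window=WINDOW):
    """Return (line number, functions, line) for each flagged modeline."""
    findings = []
    for lineno, line in candidate_lines(text.splitlines(), window):
        match = MODELINE_RE.search(line)
        if not match:
            continue
        calls = sorted(set(RISKY_CALL_RE.findall(match.group(1))))
        if calls:
            findings.append((lineno, calls, line.strip()))
    return findings


# Constructed sample: a benign modeline on line 2, a function-bearing
# modeline on line 8 (outside the default window) and one on line 14.
SAMPLE = "\n".join(
    ["# notes.txt", "# vim: set ts=4 sw=4 et:"]
    + ["body"] * 5
    + ["# vim: set OPTION=expand(PLACEHOLDER):"]
    + ["body"] * 5
    + ["# vim: set OPTION=glob(PLACEHOLDER):"]
)

if __name__ == "__main__":
    for lineno, calls, line in find_risky_modelines(SAMPLE):
        print(f"line {lineno}: {', '.join(calls)}() in modeline: {line}")
```

Pass a larger `window` when the local 'modelines' setting has been raised above its default. Vim's `nomodeline` option turns modeline processing off entirely.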


 

Copyright 2010, SecurityFocus