VIM ModeLines Arbitrary Command Execution Vulnerability

Vim is a freely available, open source text editor. It is available for Unix, Linux, and Microsoft operating systems.

It has been reported that a problem exists in Vim with modelines. Modelines are instructions placed at the beginning and end of text files to instruct the editor on how to handle certain elements of the file. Due to insufficient handling of input, it may be possible to execute arbitrary commands through the modelines function.
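
To audit files before opening them, the added example below (not part of the original advisory) lists the modelines Vim would read from the top and bottom of a file and the options each one sets. The function names, the simplified prefix pattern and the sample text are assumptions made for illustration; the window of 5 lines is Vim's default `modelines` value.

```python
import re

# Assumption: Vim's default 'modelines' value, the number of lines checked
# at the top and at the bottom of a file.
MODELINES = 5

# Simplified form of Vim's documented prefixes: vi:, vim:, Vim:, vim<ver>:, ex:
_PREFIX = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")

def parse_modeline(line):
    """Return the option strings a modeline would set, or None if not a modeline."""
    m = _PREFIX.search(line)
    if not m:
        return None
    body = m.group(1)
    set_form = re.match(r"set?\s+(.*)", body)
    if set_form:
        # "vim: set opt opt:" -> options end at the first unescaped ':'
        return re.split(r"(?<!\\):", set_form.group(1), maxsplit=1)[0].split()
    # "vim: opt:opt opt" -> options separated by ':' or whitespace
    return [o for o in re.split(r"(?<!\\):|\s+", body) if o]

def scan_text(text, n=MODELINES):
    """List (line_number, options) for modelines in the first/last n lines."""
    lines = text.splitlines()
    window = set(range(min(n, len(lines)))) | set(range(max(0, len(lines) - n), len(lines)))
    hits = []
    for i in sorted(window):
        opts = parse_modeline(lines[i])
        if opts is not None:
            hits.append((i + 1, opts))
    return hits

# Constructed sample: modelines at the top, in the middle (outside the
# scanned window, so ignored) and at the bottom.
SAMPLE = "\n".join(
    ["# vim: set ts=4 sw=4 noet:"]
    + ["body line %d" % i for i in range(10)]
    + ["# vim: set ts=8:"]
    + ["body line %d" % i for i in range(10)]
    + ["# vi: tw=78:ft=conf"]
)

if __name__ == "__main__":
    for lineno, opts in scan_text(SAMPLE):
        print("line %d sets: %s" % (lineno, ", ".join(opts)))
```

Setting `nomodeline` in the user's vimrc stops Vim from processing these lines at all.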

**A conceptual worm has been reported that explicitly illustrates how this vulnerability could be further exploited to act as a mass mailing worm.


 

Copyright 2010, SecurityFocus