Vulnerability Details CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 32.5%
CVSS Severity
CVSS v2 Score 7.2
References
- http://marc.info/?l=bugtraq&m=110313588125609&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
- http://www.redhat.com/support/errata/RHSA-2005-010.html
- http://www.redhat.com/support/errata/RHSA-2005-036.html
- https://bugzilla.fedora.us/show_bug.cgi?id=2343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571
- http://marc.info/?l=bugtraq&m=110313588125609&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
- http://www.redhat.com/support/errata/RHSA-2005-010.html
- http://www.redhat.com/support/errata/RHSA-2005-036.html
- https://bugzilla.fedora.us/show_bug.cgi?id=2343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571
Products affected by CVE-2004-1138
-
cpe:2.3:a:vim_development_group:vim:5.0
-
cpe:2.3:a:vim_development_group:vim:5.1
-
cpe:2.3:a:vim_development_group:vim:5.2
-
cpe:2.3:a:vim_development_group:vim:5.3
-
cpe:2.3:a:vim_development_group:vim:5.4
-
cpe:2.3:a:vim_development_group:vim:5.5
-
cpe:2.3:a:vim_development_group:vim:5.6
-
cpe:2.3:a:vim_development_group:vim:5.7
-
cpe:2.3:a:vim_development_group:vim:5.8
-
cpe:2.3:a:vim_development_group:vim:6.0
-
cpe:2.3:a:vim_development_group:vim:6.1
-
cpe:2.3:a:vim_development_group:vim:6.2
-
cpe:2.3:a:vim_development_group:vim:6.3.011
-
cpe:2.3:a:vim_development_group:vim:6.3.025
-
cpe:2.3:a:vim_development_group:vim:6.3.030
-
cpe:2.3:a:vim_development_group:vim:6.3.044