Vulnerability Details CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v2 Score 7.2
References
- http://marc.info/?l=bugtraq&m=110313588125609&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
- http://www.redhat.com/support/errata/RHSA-2005-010.html
- http://www.redhat.com/support/errata/RHSA-2005-036.html
- https://bugzilla.fedora.us/show_bug.cgi?id=2343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571
- http://marc.info/?l=bugtraq&m=110313588125609&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
- http://www.redhat.com/support/errata/RHSA-2005-010.html
- http://www.redhat.com/support/errata/RHSA-2005-036.html
- https://bugzilla.fedora.us/show_bug.cgi?id=2343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571
Products affected by CVE-2004-1138
-
cpe:2.3:a:vim_development_group:vim:5.0
-
cpe:2.3:a:vim_development_group:vim:5.1
-
cpe:2.3:a:vim_development_group:vim:5.2
-
cpe:2.3:a:vim_development_group:vim:5.3
-
cpe:2.3:a:vim_development_group:vim:5.4
-
cpe:2.3:a:vim_development_group:vim:5.5
-
cpe:2.3:a:vim_development_group:vim:5.6
-
cpe:2.3:a:vim_development_group:vim:5.7
-
cpe:2.3:a:vim_development_group:vim:5.8
-
cpe:2.3:a:vim_development_group:vim:6.0
-
cpe:2.3:a:vim_development_group:vim:6.1
-
cpe:2.3:a:vim_development_group:vim:6.2
-
cpe:2.3:a:vim_development_group:vim:6.3.011
-
cpe:2.3:a:vim_development_group:vim:6.3.025
-
cpe:2.3:a:vim_development_group:vim:6.3.030
-
cpe:2.3:a:vim_development_group:vim:6.3.044