Shodan
Vulnerabilities
Vulnerable Software
Vim Development Group:  >> Vim  Security Vulnerabilities
CVE-2007-2953
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
CVSS Score
6.8
EPSS Score
0.1
Published
2007-07-31
CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.
CVSS Score
7.6
EPSS Score
0.027
Published
2007-05-02
CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
CVSS Score
9.3
EPSS Score
0.011
Published
2005-07-26
CVE-2005-0069
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-01-13
CVE-2004-1138
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-01-10
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-12-23
CVE-2001-0408
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
CVSS Score
5.1
EPSS Score
0.007
Published
2001-06-18
CVE-2001-0409
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
CVSS Score
2.1
EPSS Score
0.002
Published
2001-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved