Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0409 — Development Group VIM vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.4%

top 40.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

VIM Development Group VIM

Timeline

PublishedJun 18

Latest updateApr 30

Description

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDvim_development_group/vim5.7

Patches

Patch: www.calderasystems.com ↗Patch: www.calderasystems.com ↗

🔴Vulnerability Details

GHSA

GHSA-377x-f57q-cjmg: vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is ed↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Vim 5.x - Swap File Race Condition↗2001-01-26

▶