Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1377 — VIM vulnerability

7 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

VIM Debian VIM VIM Development Group VIM

Timeline

PublishedDec 23

Latest updateApr 30

Description

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/vim< vim 6.1.263-1 (bookworm)

▶Debianvim/vim< 6.1.263-1+3

▶NVDvim_development_group/vim11 versions+10

Patches

Patch: www.guninski.com ↗Patch: www.redhat.com ↗Patch: www.guninski.com ↗

🔴Vulnerability Details

GHSA

GHSA-3g8f-84mq-ghvw: vim 6↗2022-04-30

▶

OSV

CVE-2002-1377: vim 6↗2002-12-23

▶

💥Exploits & PoCs

Exploit-DB

Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution↗2019-06-04

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-12

▶

Debian

CVE-2002-1377: vim - vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitr...↗2002

▶

💬Community

Bugzilla

CVE-2002-1377 security flaw↗2018-08-16

▶