CVE-2004-1138 — VIM vulnerability

7 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 79.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM VIM Development Group VIM

Timeline

PublishedJan 10

Latest updateApr 29

Description

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/vim< vim 1:6.3-046+0sarge1 (bookworm)

▶Debianvim/vim< 1:6.3-046+0sarge1+3

▶NVDvim_development_group/vim16 versions+15

Patches

Patch: www.gentoo.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-jx5v-4rgm-j8mg: VIM before 6↗2022-04-29

▶

OSV

CVE-2004-1138: VIM before 6↗2005-01-10

▶

📋Vendor Advisories

Ubuntu

vim vulnerability↗2004-12-23

▶

Red Hat

security flaw↗2004-12-15

▶

Debian

CVE-2004-1138: vim - VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary comman...↗2004

▶

💬Community

Bugzilla

CVE-2004-1138 security flaw↗2018-08-16

▶