CVE-2007-2438
published 2007-05-02

Priority: P335 | high | 7.6 | CVSS 2.0
AV:N / AC:H / Au:N / C:C / I:C / A:C
EPSS: 3.22% (86.6th percentile)

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
debian | vim | < vim 1:7.1-022+1 (bookworm) | vim 1:7.1-022+1 (bookworm)
vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1
vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1
vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1
vim | vim | >= 0 < 1:7.1-022+1 | 1:7.1-022+1
vim_development_group | vim | |

CVSS provenance

nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C
osv | 7.6 | HIGH
vendor_debian | 7.6 | LOW
vendor_redhat | 7.6 | HIGH