Vulnerability Description
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vim Development Group | Vim | 5.0 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
- http://marc.info/?l=bugtraq&m=108077992208690&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
- http://www.guninski.com/vim1.htmlPatchVendor Advisory
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
- http://www.redhat.com/support/errata/RHSA-2002-297.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2002-302.html
- http://www.securityfocus.com/bid/6384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10835
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
- http://marc.info/?l=bugtraq&m=108077992208690&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
- http://www.guninski.com/vim1.htmlPatchVendor Advisory
FAQ
What is CVE-2002-1377?
CVE-2002-1377 is a vulnerability with a CVSS score of 4.6 (MEDIUM). vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edi...
How severe is CVE-2002-1377?
CVE-2002-1377 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1377?
Check the references section above for vendor advisories and patch information. Affected products include: Vim Development Group Vim.