vim
Page content
- Author: voroskoi
- Vulnerable: 7.0-3
- Unaffected: 7.0-4terminus1
Tomas Golembiovsky has discovered a vulnerability in Vim, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to the application allowing e.g. the “feedkeys()” function to be called in the sandbox. This can be exploited to execute arbitrary commands with privileges of the Vim user. Successful exploitation requires that the “modelines” option is enabled and the user is tricked into opening a malicious file.
- Bug Tracker URL: http://bugs.frugalware.org/task/2010