CVE Vulnerabilities

CVE-2004-1138

Published: Jan 10, 2005 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

Affected Software

Name Vendor Start Version End Version
Vim Vim_development_group 5.0 (including) 5.0 (including)
Vim Vim_development_group 5.1 (including) 5.1 (including)
Vim Vim_development_group 5.2 (including) 5.2 (including)
Vim Vim_development_group 5.3 (including) 5.3 (including)
Vim Vim_development_group 5.4 (including) 5.4 (including)
Vim Vim_development_group 5.5 (including) 5.5 (including)
Vim Vim_development_group 5.6 (including) 5.6 (including)
Vim Vim_development_group 5.7 (including) 5.7 (including)
Vim Vim_development_group 5.8 (including) 5.8 (including)
Vim Vim_development_group 6.0 (including) 6.0 (including)
Vim Vim_development_group 6.1 (including) 6.1 (including)
Vim Vim_development_group 6.2 (including) 6.2 (including)
Vim Vim_development_group 6.3.011 (including) 6.3.011 (including)
Vim Vim_development_group 6.3.025 (including) 6.3.025 (including)
Vim Vim_development_group 6.3.030 (including) 6.3.030 (including)
Vim Vim_development_group 6.3.044 (including) 6.3.044 (including)
Red Hat Enterprise Linux 3 RedHat vim-1:6.3.046-0.30E.1 *
Red Hat Enterprise Linux 4 RedHat vim-1:6.3.046-0.40E.4 *
Vim Ubuntu dapper *
Vim Ubuntu devel *
Vim Ubuntu edgy *
Vim Ubuntu feisty *

References