CVE Vulnerabilities

CVE-2009-0316

Published: Jan 28, 2009 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Affected Software

Name Vendor Start Version End Version
Vim Vim 1.0 1.0
Vim Vim 1.22 1.22
Vim Vim 3.0 3.0
Vim Vim 4.0 4.0
Vim Vim 5.0 5.0
Vim Vim 5.1 5.1
Vim Vim 5.2 5.2
Vim Vim 5.3 5.3
Vim Vim 5.4 5.4
Vim Vim 5.5 5.5
Vim Vim 5.6 5.6
Vim Vim 5.7 5.7
Vim Vim 5.8 5.8
Vim Vim 6.0 6.0
Vim Vim 6.1 6.1
Vim Vim 6.2 6.2
Vim Vim 6.3 6.3
Vim Vim 6.4 6.4
Vim Vim 7.0 7.0
Vim Vim 7.1 7.1
Vim Vim * 7.2
Vim Ubuntu dapper *
Vim Ubuntu gutsy *
Vim Ubuntu hardy *
Vim Ubuntu intrepid *
Vim Ubuntu upstream *

References