vulnerability

Oracle Linux: CVE-2016-1248: ELSA-2016-2972: vim security update (MODERATE) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Nov 20, 2016
Added
Dec 21, 2016
Modified
Dec 12, 2024

Description

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.

Solution(s)

oracle-linux-upgrade-vim-commonoracle-linux-upgrade-vim-enhancedoracle-linux-upgrade-vim-filesystemoracle-linux-upgrade-vim-minimaloracle-linux-upgrade-vim-x11
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.