vulnerability
Oracle Linux: CVE-2016-1248: ELSA-2016-2972: vim security update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | Nov 20, 2016 | Dec 21, 2016 | Dec 12, 2024 |
Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
Nov 20, 2016
Added
Dec 21, 2016
Modified
Dec 12, 2024
Description
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.
Solution(s)
oracle-linux-upgrade-vim-commonoracle-linux-upgrade-vim-enhancedoracle-linux-upgrade-vim-filesystemoracle-linux-upgrade-vim-minimaloracle-linux-upgrade-vim-x11

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.