CVSS2: 4.6 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low (Percentile: 24.3%)

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | vim | < 6.1.263-1 | vim_6.1.263-1_all.deb |
Debian | 11 | all | vim | < 6.1.263-1 | vim_6.1.263-1_all.deb |
Debian | 10 | all | vim | < 6.1.263-1 | vim_6.1.263-1_all.deb |
Debian | 999 | all | vim | < 6.1.263-1 | vim_6.1.263-1_all.deb |
Debian | 13 | all | vim | < 6.1.263-1 | vim_6.1.263-1_all.deb |