Vim, gVim: Multiple Vulnerabilities

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact Please review the...

Slackware: Security Advisory (SSA:2022-229-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[ASA-202204-13] gvim: arbitrary code execution

Arch Linux Security Advisory ASA-202204-13 ========================================== Severity: High Date : 2022-04-15 CVE-ID : CVE-2022-1154 CVE-2022-1160 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-2662 Summary ======= The package gvim...

GLSA-202003-04 : Vim, gVim: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202003-04 Vim, gVim: Remote execution of arbitrary code It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result i...

Vim, gVim: Remote execution of arbitrary code

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fil...

[ASA-201906-9] gvim: arbitrary code execution

Arch Linux Security Advisory ASA-201906-9 ========================================= Severity: High Date : 2019-06-11 CVE-ID : CVE-2019-12735 Package : gvim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-976 Summary ======= The package gvim before version...

[ASA-201707-19] gvim: arbitrary code execution

Arch Linux Security Advisory ASA-201707-19 ========================================== Severity: High Date : 2017-07-18 CVE-ID : CVE-2017-11109 Package : gvim Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-347 Summary ======= The package gvim before version...

GLSA-201706-26 : Vim, gVim: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201706-26 Vim, gVim: Remote execution of arbitrary code Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user ...

Vim, gVim: Remote execution of arbitrary code

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact A remote attacker...

Vim, gVim: Remote execution of arbitrary code

Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Vim and gVim do not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. Impact A remote attacker could entice a user to open a...

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

Design/Logic Flaw

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

CVE-2010-3914

GVim (VIM Development Group) is affected by CVE-2010-3914: untrusted search path allows DLL hijacking where a Trojan horse User32.dll (or other DLL) located in the same folder as a .TXT file can enable local or (potentially) remote code execution. Affected versions include GVim before 7.3.034, an...

CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in...

GVim may insecurely load dynamic libraries

Overview GVim may use unsafe methods for determining how to load DLLs. GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this vulnerability t...

JVN#27868039: GVim may insecurely load dynamic libraries

GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact An attacker may execute arbitrary code with the privilege of running the application. Solution Update the...

SLES10: Security update for gvim and vim

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: gvim vim More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at http://download.novell.com/patch/finder/ VID...

SLES10: Security update for vim

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: gvim vim More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at http://download.novell.com/patch/finder/ VID...