4.6
CVE-2002-1377
- EPSS 0.47%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginvim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vim Development Group ≫ Vim Version5.0
Vim Development Group ≫ Vim Version5.1
Vim Development Group ≫ Vim Version5.2
Vim Development Group ≫ Vim Version5.3
Vim Development Group ≫ Vim Version5.4
Vim Development Group ≫ Vim Version5.5
Vim Development Group ≫ Vim Version5.6
Vim Development Group ≫ Vim Version5.7
Vim Development Group ≫ Vim Version5.8
Vim Development Group ≫ Vim Version6.0
Vim Development Group ≫ Vim Version6.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.372 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
http://marc.info/?l=bugtraq&m=108077992208690&w=2
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
http://www.guninski.com/vim1.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
http://www.redhat.com/support/errata/RHSA-2002-297.html
http://www.redhat.com/support/errata/RHSA-2002-302.html
http://www.securityfocus.com/bid/6384
https://exchange.xforce.ibmcloud.com/vulnerabilities/10835