OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

vim -- modelines execute arbitrary shell code

Affected packages
vim < 6.3.082

Details

VuXML ID 7d55ff5a-ffa7-11d9-a07e-000b5d77b0f5
Discovery 2005-07-25
Entry 2005-07-27

Vim 6.3 before 6.3.082, with modelines enabled, allows attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.

References

CVE Name CAN-2005-2368
URL http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html