Main Vulnerability Database Vulnerabilities #VU7562

Improper input validation in Vim - CVE-2017-11109

Published: July 18, 2017 / Updated: July 18, 2017

Vulnerability identifier: #VU7562

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11109

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Vim.org

Affected software:
Vim

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to invalid free when processing source files in VIM. A remote attacker can create a specially crafted source file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2017-11109

Update to version 8.0.0722.

Sources

https://security.archlinux.org/CVE-2017-11109

Improper input validation in Vim - CVE-2017-11109

Detailed vulnerability description

How to mitigate CVE-2017-11109

Sources

Please verify you're human