#VU33140 Input validation error in Vim


Published: 2021-06-17

Vulnerability identifier: #VU33140

Vulnerability risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-1248

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Vim
Client/Desktop applications / Office applications

Vendor: Vim.org

Description

The vulnerability allows a remote attacker to compromise the affected system.

Vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
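
A defender-side triage check for the condition described above, as an added example that is not part of this advisory or of the Vim project's code: it scans the lines Vim would inspect for modelines and flags 'filetype', 'syntax' or 'keymap' values containing unexpected characters. The function name `suspicious_modelines`, the simplified modeline grammar and the allowed character set (ASCII letters, digits, `.`, `-`, `_`) are assumptions; the sample files are constructed.

```python
import re

# Assumption: allow-list matching the upstream fix as understood here
# (ASCII letters, digits, '.', '-', '_'); check it against your Vim source.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]*\Z")
# Simplified modeline prefix: "vi:", "vim:", "Vim:", "vim>800:", "ex:" after start or whitespace.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[Vv]im[<=>]?\d*|ex):\s*(.*)")
# The three options named in the advisory, with their short names.
OPTION = re.compile(r"(filetype|ft|syntax|syn|keymap|kmp)[+^-]?=(.*)\Z", re.S)
MODELINES = 5  # Vim's default 'modelines': lines checked at each end of a file


def suspicious_modelines(text, modelines=MODELINES):
    """Return (line_no, option, value) for each flagged option in the modeline window."""
    lines = text.splitlines()
    window = set(range(min(modelines, len(lines))))
    window |= set(range(max(0, len(lines) - modelines), len(lines)))
    findings = []
    for idx in sorted(window):
        m = MODELINE.search(lines[idx])
        if not m:
            continue
        body = re.sub(r"^set?\s+", "", m.group(1))  # drop the "se "/"set " form prefix
        # Simplification: split on whitespace and ':' without honouring "\:" escapes,
        # so an escaped colon leaves a backslash in the value and is flagged.
        for token in re.split(r"[\s:]+", body):
            opt = OPTION.match(token)
            if opt and not SAFE_VALUE.match(opt.group(2)):
                findings.append((idx + 1, opt.group(1), opt.group(2)))
    return findings


# Constructed sample files (not taken from any real exploit).
BENIGN = "#!/usr/bin/env python\nprint('hi')\n# vim: set ft=python ts=4 :\n"
FLAGGED = "notes\n# vim: syntax=c%c keymap=ok ft=x~y\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, suspicious_modelines(sample))
```

A hit marks a file for review before it is opened in a Vim build older than patch 8.0.0056; it does not by itself show that the value is malicious.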

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Vim: 8.0.0000 - 8.0.0055


External links
http://openwall.com/lists/oss-security/2016/11/22/20
http://rhn.redhat.com/errata/RHSA-2016-2972.html
http://www.debian.org/security/2016/dsa-3722
http://www.securityfocus.com/bid/94478
http://www.securitytracker.com/id/1037338
http://www.ubuntu.com/usn/USN-3139-1
http://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
http://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
http://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
http://github.com/vim/vim/releases/tag/v8.0.0056
http://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
http://lists.debian.org/debian-security-announce/2016/msg00305.html
http://security.gentoo.org/glsa/201701-29


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

