Vulnerability identifier: #VU33140
Vulnerability risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Vim
Client/Desktop applications / Office applications
Vendor: Vim.org
Description
The vulnerability allows a remote attacker to compromise the affected system.
Vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Vim: 8.0.0000 - 8.0.0055
External links
http://openwall.com/lists/oss-security/2016/11/22/20
http://rhn.redhat.com/errata/RHSA-2016-2972.html
http://www.debian.org/security/2016/dsa-3722
http://www.securityfocus.com/bid/94478
http://www.securitytracker.com/id/1037338
http://www.ubuntu.com/usn/USN-3139-1
http://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
http://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
http://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
http://github.com/vim/vim/releases/tag/v8.0.0056
http://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
http://lists.debian.org/debian-security-announce/2016/msg00305.html
http://security.gentoo.org/glsa/201701-29
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.