Moderate

CVE-2009-0316 - Unspecified vulnerability in VIM

Publication: 2009-01-28

Summary

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Risk level (CVSS 6.9)

Moderate

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • VIM VIM 1.0
  • VIM VIM 1.22
  • VIM VIM 3.0
  • VIM VIM 4.0
  • VIM VIM 5.0
  • VIM VIM 5.1
  • VIM VIM 5.2
  • VIM VIM 5.3
  • VIM VIM 5.4
  • VIM VIM 5.5
  • VIM VIM 5.6
  • VIM VIM 5.7
  • VIM VIM 5.8
  • VIM VIM 6.0
  • VIM VIM 6.1
  • VIM VIM 6.2
  • VIM VIM 6.3
  • VIM VIM 6.4
  • VIM VIM 7.0
  • VIM VIM 7.1
  • VIM VIM 7.2