Vim Development Group » VIM : Security Vulnerabilities, CVEs, Published In 2005
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
Max CVSS
9.3
EPSS Score
0.74%
Published
2005-07-26
Updated
2017-10-11
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-01-13
Updated
2017-10-11
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
Max CVSS
7.2
EPSS Score
0.06%
Published
2005-01-10
Updated
2017-10-11
3 vulnerabilities found