Vulnerability identifier: #VU33140
Vulnerability risk: High
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software: Vim
Category: Client/Desktop applications / Software for system administration
Vendor: Vim.org
Description
The vulnerability allows a remote attacker to compromise the affected system.
Vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Vim: 8.0.0000 - 8.0.0055
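The following check is an added example, not part of the original advisory or of Vim: it reads the text printed by `vim --version` and reports whether patch 8.0.0056 is included. The function names, status strings and sample outputs are constructed for illustration, and the layout of the "Included patches:" line (comma-separated numbers and ranges) is an assumption about that output.

```python
import re

AFFECTED_RELEASE = (8, 0)  # advisory: Vim 8.0.0000 - 8.0.0055
FIXED_PATCH = 56           # advisory: fixed by patch 8.0.0056

def parse_vim_version(text):
    """Return ((major, minor), set of included patch numbers)."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("input does not look like `vim --version` output")
    release = (int(m.group(1)), int(m.group(2)))
    patches = set()
    p = re.search(r"^Included patches:(.*)$", text, re.MULTILINE)
    if p:  # the line is absent when no patches are applied
        for item in filter(None, (s.strip() for s in p.group(1).split(","))):
            lo, _, hi = item.partition("-")  # "1-55" or a single "57"
            patches.update(range(int(lo), int(hi or lo) + 1))
    return release, patches

def modeline_fix_status(text):
    """Classify a build as 'fixed', 'vulnerable' or 'check-vendor-advisory'."""
    release, patches = parse_vim_version(text)
    if release > AFFECTED_RELEASE:
        return "fixed"  # later releases include all 8.0 patches
    if release < AFFECTED_RELEASE:
        # Pre-8.0 builds can only be fixed by a distribution backport,
        # which the patch list of that release does not reveal.
        return "check-vendor-advisory"
    # A range with a gap (e.g. "1-55, 57-60") still lacks the fix.
    return "fixed" if FIXED_PATCH in patches else "vulnerable"

# Constructed sample outputs, trimmed to the two relevant lines.
HEADER_80 = "VIM - Vi IMproved 8.0 (2016 Sep 12, compiled Nov  1 2016 10:00:00)\n"
SAMPLES = {
    "unpatched": HEADER_80 + "Included patches: 1-55\n",
    "patched": HEADER_80 + "Included patches: 1-56\n",
    "gap": HEADER_80 + "Included patches: 1-55, 57-60\n",
    "no-patches": HEADER_80,
    "older": "VIM - Vi IMproved 7.4 (2013 Aug 10)\nIncluded patches: 1-1689\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {modeline_fix_status(text)}")
```
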
External links
https://openwall.com/lists/oss-security/2016/11/22/20
https://rhn.redhat.com/errata/RHSA-2016-2972.html
https://www.debian.org/security/2016/dsa-3722
https://www.securityfocus.com/bid/94478
https://www.securitytracker.com/id/1037338
https://www.ubuntu.com/usn/USN-3139-1
https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/vim/vim/releases/tag/v8.0.0056
https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
https://lists.debian.org/debian-security-announce/2016/msg00305.html
https://security.gentoo.org/glsa/201701-29
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.