CVE-2007-2438

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

🔗 References (60)

• secalert@redhathttp://attrition.org/pipermail/vim/2007-May/001614.html
• secalert@redhathttp://marc.info/?l=vim-dev&m=117762581821298&w=2
• secalert@redhathttp://marc.info/?l=vim-dev&m=117778983714029&w=2
• secalert@redhathttp://osvdb.org/36250
• secalert@redhathttp://secunia.com/advisories/25024
• secalert@redhathttp://secunia.com/advisories/25159
• secalert@redhathttp://secunia.com/advisories/25182
• secalert@redhathttp://secunia.com/advisories/25255
• secalert@redhathttp://secunia.com/advisories/25367
• secalert@redhathttp://secunia.com/advisories/25432
• secalert@redhathttp://secunia.com/advisories/26653
• secalert@redhathttp://tech.groups.yahoo.com/group/vimannounce/message/178
• secalert@redhathttp://tech.groups.yahoo.com/group/vimdev/message/46627
• secalert@redhathttp://tech.groups.yahoo.com/group/vimdev/message/46645
• secalert@redhathttp://tech.groups.yahoo.com/group/vimdev/message/46658