[3.4] vim: Lack of validation of values for few options results in code exection (CVE-2016-1248)ID: oval:org.secpod.oval:def:1800916 | Date: (C)2018-03-29 (M)2024-02-19 |
Class: PATCH | Family: unix |
A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by :execute, which is what allows the shell commands to be run. Fixed In Version: vim 8.0.0056.
Platform: |
Alpine Linux 3.4 |