CVE-2002-1377

N/A Unknown

Published: December 23, 2002 Modified: April 16, 2026

Description

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108077992208690&w=2

Source: cve@mitre.org

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700

Source: cve@mitre.org

http://www.guninski.com/vim1.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2002-297.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2002-302.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/6384

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/10835

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812