CVE-2004-1138
Summary
| CVE | CVE-2004-1138 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-01-10 05:00:00 UTC |
| Updated | 2017-10-11 01:29:00 UTC |
| Description | VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vim Development Group | Vim | 5.0 | All | All | All |
| Application | Vim Development Group | Vim | 5.1 | All | All | All |
| Application | Vim Development Group | Vim | 5.2 | All | All | All |
| Application | Vim Development Group | Vim | 5.3 | All | All | All |
| Application | Vim Development Group | Vim | 5.4 | All | All | All |
| Application | Vim Development Group | Vim | 5.5 | All | All | All |
| Application | Vim Development Group | Vim | 5.6 | All | All | All |
| Application | Vim Development Group | Vim | 5.7 | All | All | All |
| Application | Vim Development Group | Vim | 5.8 | All | All | All |
| Application | Vim Development Group | Vim | 6.0 | All | All | All |
| Application | Vim Development Group | Vim | 6.1 | All | All | All |
| Application | Vim Development Group | Vim | 6.2 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.011 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.025 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.030 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.044 | All | All | All |
| Application | Vim Development Group | Vim | 5.0 | All | All | All |
| Application | Vim Development Group | Vim | 5.1 | All | All | All |
| Application | Vim Development Group | Vim | 5.2 | All | All | All |
| Application | Vim Development Group | Vim | 5.3 | All | All | All |
| Application | Vim Development Group | Vim | 5.4 | All | All | All |
| Application | Vim Development Group | Vim | 5.5 | All | All | All |
| Application | Vim Development Group | Vim | 5.6 | All | All | All |
| Application | Vim Development Group | Vim | 5.7 | All | All | All |
| Application | Vim Development Group | Vim | 5.8 | All | All | All |
| Application | Vim Development Group | Vim | 6.0 | All | All | All |
| Application | Vim Development Group | Vim | 6.1 | All | All | All |
| Application | Vim Development Group | Vim | 6.2 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.011 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.025 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.030 | All | All | All |
| Application | Vim Development Group | Vim | 6.3.044 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support | REDHAT | www.redhat.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| Gentoo Linux Documentation -- Vim, gVim: Vulnerable options in modelines | GENTOO | www.gentoo.org | Patch, Vendor Advisory |
| FLSA:2343 | FEDORA | bugzilla.fedora.us | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| '[OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim)' - MARC | OPENPKG | marc.info | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.