Showing 1 - 4 of 4

CVE-2016-1248

Status Candidate

Overview

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

Related Files

Apple Security Advisory 2017-01-23-2: Posted Jan 24, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-01-23-2 - macOS 10.12.3 is now available and addresses suffers from code execution and various other security vulnerabilities.; tags | advisory, vulnerability, code execution; systems | apple; advisories | CVE-2016-1248, CVE-2016-8670, CVE-2016-8687, CVE-2016-9933, CVE-2016-9934, CVE-2017-2353, CVE-2017-2357, CVE-2017-2358, CVE-2017-2360, CVE-2017-2361, CVE-2017-2370, CVE-2017-2371; SHA-256 | 4c40e5dbd35093797941e97f507065322698c00b5f58f1d348c313103335398b; Download | Favorite | View

Gentoo Linux Security Advisory 201701-29: Posted Jan 11, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201701-29 - A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated. Versions less than 8.0.0106 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2016-1248; SHA-256 | d8d6b74e6f707f724af9b04c7f14183c8bfe3e04379bb2adeb665e9b6a44719f; Download | Favorite | View

Red Hat Security Advisory 2016-2972-01: Posted Dec 20, 2016; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2016-2972-01 - Vim is an updated and improved version of the vi editor. Security Fix: A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim.; tags | advisory, arbitrary; systems | linux, redhat; advisories | CVE-2016-1248; SHA-256 | cc11a7a8f8ac4e1541226f52f5a0287c18a6d65d6c407fe60139bf255df0eea3; Download | Favorite | View

Ubuntu Security Notice USN-3139-1: Posted Nov 29, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3139-1 - Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2016-1248; SHA-256 | cd7c375a66724dd2cd449203c8cca7ddce33d575128a34810feae44d65173725; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2016-1248

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems