[3.1] vim: Lack of validation of values for a few options results in code execution (CVE-2016-1248)
A vulnerability was found in Vim which would allow arbitrary shell
commands to be run if a user opened a file with a malicious modeline.
This is due to lack of validation of values for a few options. Those
options’ values are then used in Vim’s scripts to build
a command string that’s evaluated by :execute, which is what allows the
shell commands to be run.
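As an added example (not part of the original report or of Vim's code), the following Python sketch audits a file's modelines for option values that fall outside a strict allowlist, which is the kind of validation whose absence is described above. It assumes the affected options are 'filetype', 'syntax' and 'keymap' (with short names ft, syn, kmp) and that safe values consist of ASCII letters, digits, '.', '-' and '_'; the modeline grammar is simplified, and all function names and the sample are constructed for illustration.

```python
import re

# Assumption (not stated on this page): the options whose values need
# validating, with their short names, and the characters a value may use.
CHECKED = {"filetype": "filetype", "ft": "filetype",
           "syntax": "syntax", "syn": "syntax",
           "keymap": "keymap", "kmp": "keymap"}
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]*")

# Simplified modeline grammar: "vi:", "vim:", "Vim:", "vim<N>:" or "ex:"
# preceded by start of line or whitespace.
PREFIX = re.compile(r"(?:^|\s)(?:vi|[Vv]im(?:[<>=]?\d+)?|ex):\s*")
SET_FORM = re.compile(r"set?\s+")
MODELINES = 5  # Vim's default 'modelines': lines checked at top and bottom

# Constructed sample: line 1 is benign, line 3 sets a value that contains a
# character outside the allowlist.
SAMPLE = "# vim: set ft=python ts=4 :\nprint('hi')\n# vim: syn=conf%x:sw=2\n"


def modeline_options(line):
    """Return the raw option strings of a modeline, or [] if there is none."""
    m = PREFIX.search(line)
    if not m:
        return []
    body = line[m.end():]
    s = SET_FORM.match(body)
    if s:
        # "set" form: options end at the first unescaped colon.
        body = re.split(r"(?<!\\):", body[s.end():], maxsplit=1)[0]
        return body.split()
    # Plain form: options are separated by colons or whitespace.
    return [o for o in re.split(r"(?<!\\)[:\s]+", body) if o]


def suspicious_settings(text):
    """List (line_no, option, value) where the value leaves the allowlist."""
    lines = text.splitlines()
    idx = sorted(set(range(min(MODELINES, len(lines)))) |
                 set(range(max(0, len(lines) - MODELINES), len(lines))))
    hits = []
    for i in idx:
        for opt in modeline_options(lines[i]):
            name, sep, value = opt.partition("=")
            if sep and name in CHECKED and not SAFE_VALUE.fullmatch(value):
                hits.append((i + 1, CHECKED[name], value))
    return hits
```

Only the first and last five lines are inspected, matching where Vim looks for modelines by default; a hit means the file should be reviewed before it is opened in an unpatched Vim with modelines enabled.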
Fixed In Version:
vim 8.0.0056
Reference:
http://seclists.org/oss-sec/2016/q4/506
Patch:
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
(from redmine: issue id 6504, created on 2016-11-25, closed on 2016-12-20)
- Relations:
- parent #6500 (closed)