CVE-2004-1138
First published: Wed Dec 22 2004(Updated: )
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vim by Vim Development Group | =5.0 | |
| Vim by Vim Development Group | =5.1 | |
| Vim by Vim Development Group | =5.2 | |
| Vim by Vim Development Group | =5.3 | |
| Vim by Vim Development Group | =5.4 | |
| Vim by Vim Development Group | =5.5 | |
| Vim by Vim Development Group | =5.6 | |
| Vim by Vim Development Group | =5.7 | |
| Vim by Vim Development Group | =5.8 | |
| Vim by Vim Development Group | =6.0 | |
| Vim by Vim Development Group | =6.1 | |
| Vim by Vim Development Group | =6.2 | |
| Vim by Vim Development Group | =6.3.011 | |
| Vim by Vim Development Group | =6.3.025 | |
| Vim by Vim Development Group | =6.3.030 | |
| Vim by Vim Development Group | =6.3.044 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
- https://bugzilla.fedora.us/show_bug.cgi?id=2343
- http://www.redhat.com/support/errata/RHSA-2005-010.html
- http://www.redhat.com/support/errata/RHSA-2005-036.html
- http://marc.info/?l=bugtraq&m=110313588125609&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18503
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9571
Frequently Asked Questions
What is the severity of CVE-2004-1138?
CVE-2004-1138 is classified as a high severity vulnerability due to its ability to allow local users to execute arbitrary commands.
How do I fix CVE-2004-1138?
To fix CVE-2004-1138, upgrade to Vim 6.3 or later which contains the necessary patches addressing this vulnerability.
Who is affected by CVE-2004-1138?
CVE-2004-1138 affects local users of Vim versions prior to 6.3 across multiple versions including 5.0 to 6.2.
What vulnerabilities are similar to CVE-2004-1138?
Similar vulnerabilities include various command injection vulnerabilities in text editors that allow arbitrary code execution through crafted files.
Can CVE-2004-1138 be exploited remotely?
No, CVE-2004-1138 requires local access to the system to exploit the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/vim development group
- product/vim
- canonical/vim development group vim
- canonical/vim by vim development group
- version/vim by vim development group/5.0
- version/vim by vim development group/5.1
- version/vim by vim development group/5.2
- version/vim by vim development group/5.3
- version/vim by vim development group/5.4
- version/vim by vim development group/5.5
- version/vim by vim development group/5.6
- version/vim by vim development group/5.7
- version/vim by vim development group/5.8
- version/vim by vim development group/6.0
- version/vim by vim development group/6.1
- version/vim by vim development group/6.2
- version/vim by vim development group/6.3.011
- version/vim by vim development group/6.3.025
- version/vim by vim development group/6.3.030
- version/vim by vim development group/6.3.044