CVE-2009-0316
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.
Una vulnerabilidad de ruta de búsqueda no confiable en el archivo src/if_python.c en la interfaz de Python en Vim en versiones anteriores a 7.2.045, permite a los usuarios locales ejecutar código arbitrario por medio de un archivo Python de tipo caballo de Troya en el directorio de trabajo actual, relacionado con una vulnerabilidad en la función PySys_SetArgv (CVE- 2008-5983), como es demostrado por una ruta de búsqueda errónea para el archivo plugin/bike.vim en bicyclerepair.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-01-27 CVE Reserved
- 2009-01-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 | X_refsource_misc | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 | X_refsource_confirm | |
| http://support.apple.com/kb/HT4077 | X_refsource_confirm |
|
| http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html | Mailing List | |
| http://www.openwall.com/lists/oss-security/2009/01/26/2 | Mailing List |
|
| http://www.securityfocus.com/bid/33447 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=481565 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48275 | Vdb Entry | |
| https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | 2017-08-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:047 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | <= 7.2 Search vendor "Vim" for product "Vim" and version " <= 7.2" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 1.0 Search vendor "Vim" for product "Vim" and version "1.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 1.22 Search vendor "Vim" for product "Vim" and version "1.22" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 3.0 Search vendor "Vim" for product "Vim" and version "3.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 4.0 Search vendor "Vim" for product "Vim" and version "4.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.0 Search vendor "Vim" for product "Vim" and version "5.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.1 Search vendor "Vim" for product "Vim" and version "5.1" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.2 Search vendor "Vim" for product "Vim" and version "5.2" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.3 Search vendor "Vim" for product "Vim" and version "5.3" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.4 Search vendor "Vim" for product "Vim" and version "5.4" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.5 Search vendor "Vim" for product "Vim" and version "5.5" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.6 Search vendor "Vim" for product "Vim" and version "5.6" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.7 Search vendor "Vim" for product "Vim" and version "5.7" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 5.8 Search vendor "Vim" for product "Vim" and version "5.8" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 6.0 Search vendor "Vim" for product "Vim" and version "6.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 6.1 Search vendor "Vim" for product "Vim" and version "6.1" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 6.2 Search vendor "Vim" for product "Vim" and version "6.2" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 6.3 Search vendor "Vim" for product "Vim" and version "6.3" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 6.4 Search vendor "Vim" for product "Vim" and version "6.4" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 7.0 Search vendor "Vim" for product "Vim" and version "7.0" | - |
Affected
| ||||||
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | 7.1 Search vendor "Vim" for product "Vim" and version "7.1" | - |
Affected
| ||||||