Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-1138 | First vendor Publication | 2005-01-10 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1138 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9571 | |||
| Oval ID: | oval:org.mitre.oval:def:9571 | ||
| Title: | VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | ||
| Description: | VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-1138 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-10 (vim) File : nvt/glsa_200412_10.nasl |
| 2008-09-04 | Name : FreeBSD Ports: vim, vim-lite, vim+ruby File : nvt/freebsd_vim.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12420 | Vim / Gvim Modelines Arbitrary Command Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-52-1.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bd9fc2bf5ffe11d9a11a000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
| 2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-036.nasl - Type : ACT_GATHER_INFO |
| 2005-01-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-003.nasl - Type : ACT_GATHER_INFO |
| 2005-01-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-010.nasl - Type : ACT_GATHER_INFO |
| 2004-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-10.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:35 |
|
| 2024-11-28 12:06:17 |
|
| 2021-05-04 12:02:28 |
|
| 2021-04-22 01:02:38 |
|
| 2020-05-23 00:15:57 |
|
| 2017-10-11 09:23:25 |
|
| 2017-07-11 12:01:34 |
|
| 2016-10-18 12:01:24 |
|
| 2016-04-26 12:56:06 |
|
| 2014-02-17 10:28:29 |
|
| 2013-05-11 11:44:06 |
|
