CVE-2007-2438 — vim - several vulnerabilities

Description

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

How to fix CVE-2007-2438

To remediate CVE-2007-2438, upgrade the affected package to a fixed version below.

Debian/vim—upgrade to 1:7.1-022+1 or later
Debian/vim—upgrade to 1:6.3-071+1sarge2 or later
Debian/vim—upgrade to 1:7.0-122+1etch3 or later

Is CVE-2007-2438 being exploited?

Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 1:7.1-022+1
from 0, < 1:6.3-071+1sarge2
from 0, < 1:7.0-122+1etch3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2438