On Sat, Jun 14, 2008 at 6:09 AM, Bram Moolenaar <[EMAIL PROTECTED]> wrote:
>
> Jan Minar wrote:
>
>> 1. Summary
>>
>> Product  : Vim -- Vi IMproved
>> Version  : Tested with 7.1.314 and 6.4
>> Impact   : Arbitrary code execution
>> Wherefrom: Local and remote
>> Original : http://www.rdancer.org/vulnerablevim.html
>>
>> Improper quoting in some parts of Vim written in the Vim Script can lead to
>> arbitrary code execution upon opening a crafted file.
>
> Thanks to Jan for finding these problems and explaining them
> exhaustively. I received a note a month ago and all reported problems
> have been fixed. Either by patches or updates to the runtime files.
>

What are the suggested changes to prevent the above types of exploits in
Vim plugins that are not shipped with Vim, but used by many users?

I see from the above page that most of the exploits are because of the
use of the "execute" command with a filename. Can we use the following
code to fix this exploit in other Vim plugins?

    let s:esc_filename_chars = ' *?`%#"|!<' . "'\t\n"
    let esc_fname = escape(fname, s:esc_filename_chars)

Many of these plugins are used with earlier versions of Vim. So we cannot
use the new fnameescape() function.

- Yegappan
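
One way to write the fallback the message asks about, as an added example that is not part of the original post or of Vim's runtime files. The names s:FnameEscape and s:EditFile are hypothetical, the character list is the one :help fnameescape() documents for most systems, and a Unix-like system (backslash is not a path separator) is assumed.

```vim
" Added example: escape a file name before it is pasted into an :execute
" command line, on Vim versions with and without fnameescape().
" Assumption: Unix-like system, where backslash is not a path separator.

" Characters that :help fnameescape() lists as escaped on most systems.
" Inside the double-quoted string, \\ is a backslash and \" is a quote.
let s:esc_filename_chars = " \t\n*?[{`$\\%#'\"|!<"

" Hypothetical helper: use the builtin when this Vim has it, otherwise
" fall back to escape() with the same character set.
function! s:FnameEscape(fname)
  if exists('*fnameescape')
    return fnameescape(a:fname)
  endif
  let esc = escape(a:fname, s:esc_filename_chars)
  " fnameescape() also escapes a leading '+' or '>' (special after :edit
  " and :write) and a file name that is just '-' (special after :cd).
  if esc =~# '^[+>]' || esc ==# '-'
    let esc = '\' . esc
  endif
  return esc
endfunction

" Hypothetical caller: the file name reaches :execute only after escaping,
" so characters such as '|', '%' and '`' are taken literally.
function! s:EditFile(fname)
  execute 'edit ' . s:FnameEscape(a:fname)
endfunction
```

This covers file names used as Ex command arguments only; a name passed to system() or a :! command needs shell quoting instead (shellescape() where the Vim version provides it).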
