Susanne Ramsey wrote:
> The National Vulnerability Database (NVD) lists a high vulnerability for VIM
> 8.0. https://nvd.nist.gov/vuln/detail/CVE-2017-11109
> Vim 8.0 allows attackers to cause a denial of service or possibly have
> unspecified other impact via a crafted source (aka -S) fi
On Do, 28 Sep 2017, Ramsey, Susanne B. wrote:
> Greetings;
>
> The National Vulnerability Database (NVD) lists a high vulnerability for VIM
> 8.0. https://nvd.nist.gov/vuln/detail/CVE-2017-11109
> Vim 8.0 allows attackers to cause a denial of service or possibly have
> unspecified other
While I can see value in fixing the invalid-free instance described,
a vimscript can already call out to any shell command it wants.
$ echo 'Important file, do not delete'! > important_file.txt
$ echo "call system('touch demo.txt')" > demo.vim
$ echo "call system('rm important_file.txt')" >>
Greetings;
The National Vulnerability Database (NVD) lists a high vulnerability for VIM
8.0. https://nvd.nist.gov/vuln/detail/CVE-2017-11109
Vim 8.0 allows attackers to cause a denial of service or possibly have
unspecified other impact via a crafted source (aka -S) file.
NOTE: the