CVE-2002-1377 — MEDIUM severity vulnerability (vim 6.0 and 6.1, and possibly other versions, allows attacke)
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
| CVE ID | CVE-2002-1377 |
|---|---|
| Severity | MEDIUM |
| CVSS score | 4.6 |
| CVSS vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 2002-12-23 |
| Last modified | 2026-04-16 |
| Description | vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →