Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

Vim 代码问题漏洞

Vim是Vim开源的一款跨平台的文本编辑器。 Vim 9.1.1947之前版本存在代码问题漏洞，该漏洞源于Windows上搜索路径控制不足，可能导致执行恶意可执行文件。

N/A

N/A