VYPR
Unrated severity · NVD Advisory · Published Jan 28, 2009 · Updated Apr 23, 2026

CVE-2009-0316

Description

Untrusted search path in Vim's Python interface allows local users to execute arbitrary code via a Trojan Python file in the current directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability is an untrusted search path in Vim's Python interface (src/if_python.c) before version 7.2.045. When Vim initializes its embedded Python interpreter, it calls PySys_SetArgv, which as a side effect places the current working directory at the front of Python's module search path (sys.path). A local attacker can therefore get Vim to import a malicious Python file from the CWD in place of the intended system library module. [2], [3]

Exploitation

An attacker must place a Trojan horse Python file (e.g., plugin/bike.vim or any Python module) in the current working directory where a victim launches Vim. When Vim's Python interface initializes, it will inadvertently import the attacker's file due to the altered search path. No special network position is needed; the attacker only needs local file write privileges to the CWD. The user interaction required is simply opening Vim in that directory. [2]

Impact

Successful exploitation allows arbitrary code execution with the privileges of the user running Vim. This can lead to complete compromise of the user's session, including data theft, installation of malware, or further privilege escalation. [3]

Mitigation

The fix is included in Vim version 7.2.045 and later, and users should upgrade to a patched version. For distributions such as Red Hat Enterprise Linux 5, the issue was rated low severity and no fix was planned for the vim package. Workarounds include not running Vim from untrusted directories, or disabling Python support in Vim if it is not needed. [2], [3]
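As an added example (not Vim's code and not taken from the advisory), the Python check below models the root cause described above, the working directory sitting at the front of the interpreter's module search path after PySys_SetArgv, and the hardening step an embedding application can take: strip every CWD-equivalent entry so a file in the user's directory cannot shadow a library module. The sample search path and directory names are constructed.

```python
"""Audit and harden an embedded interpreter's module search path (added example)."""
import os
import sys


def cwd_entries(search_path, cwd):
    """Return indices of search-path entries that resolve to the working directory.

    Python's import system treats an empty entry ('') as 'the current directory',
    so it is handled the same as '.' or the absolute path of the CWD.
    """
    cwd = os.path.abspath(cwd)
    hits = []
    for i, entry in enumerate(search_path):
        # join() keeps absolute entries unchanged and anchors relative ones at cwd
        resolved = cwd if entry == "" else os.path.abspath(os.path.join(cwd, entry))
        if resolved == cwd:
            hits.append(i)
    return hits


def is_search_path_untrusted(search_path, cwd):
    """True if an import could be satisfied by a file dropped into the CWD."""
    return bool(cwd_entries(search_path, cwd))


def harden_search_path(search_path, cwd):
    """Return a copy of search_path with every CWD-equivalent entry removed.

    Library and site-packages entries are kept in their original order; only the
    implicit working-directory entries are dropped, which is the defensive step
    an embedding application should take right after PySys_SetArgv().
    """
    drop = set(cwd_entries(search_path, cwd))
    return [e for i, e in enumerate(search_path) if i not in drop]


if __name__ == "__main__":
    # Constructed sample of what a freshly initialised embedded interpreter may see
    # (hypothetical paths, not taken from any real installation).
    sample = ["", "/usr/lib/python3.11", "/usr/lib/python3.11/site-packages"]
    project = "/home/user/project"
    print("untrusted:", is_search_path_untrusted(sample, project))
    print("hardened:", harden_search_path(sample, project))
    # Apply the same hardening to the live interpreter's search path.
    sys.path[:] = harden_search_path(sys.path, os.getcwd())
```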

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 31

Patches: 0 (none discovered yet)

References: 11

News mentions: 0