CVE-2008-3294

CVE-2008-3294 · LOW Severity

AV:L/AC:H/AU:N/C:P/I:P/A:P

src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.

Learn more about our User Device Pen Test.