[VIM] Clarification on CVE-2006-2480 - more vectors

Steven M. Christey coley at mitre.org
Mon May 22 23:08:43 EDT 2006

FYI, CVE-2006-2480 was originally described to affect filenames of
.bmp files, but Ludwig Nussel of SUSE Linux has informed CVE that the
affected code has format string issues for any error or warning,
including certain file contents, not just filenames or .bmp.

- Steve

Name: CVE-2006-2480
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480
Reference: VULN-DEV:20060506 DIA file name handling format string
Reference: URL:http://www.securityfocus.com/archive/82/433313/30/0/threaded
Reference: MISC:http://kandangjamur.net/tutorial/dia.txt
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=342111
Reference: SECUNIA:20199
Reference: URL:http://secunia.com/advisories/20199

Format string vulnerability in Dia 0.94 allows user-complicit
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by triggering errors or warnings, as demonstrated via
format string specifiers in a .bmp filename.  NOTE: since the exploit
occurs through a command line argument, it is possible that this is
not a vulnerability, unless there exist typical mechanisms under which
the filename is automatically provided to Dia via another product,
such as a browser.
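As an added illustration of the bug class described above, not Dia's code (which does not appear in this message): a hypothetical error reporter whose message argument doubles as the printf format, beside the fixed form that uses a literal format string, plus a small audit helper that flags untrusted strings (filenames, file contents) containing a conversion specification. All function names and the sample filename are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the caller's text is used as the format string.
 * If a filename or file content reaches msg, its '%' sequences are
 * interpreted. (Hypothetical reporter, not Dia's code.) */
static void report_error_unsafe(const char *msg)
{
    fprintf(stderr, msg);
    fputc('\n', stderr);
}

/* Fixed form: literal format string, untrusted text only as an argument.
 * Adding __attribute__((format(printf, 1, 2))) to such wrappers lets the
 * compiler's -Wformat-security catch non-literal formats at build time. */
static void report_error_safe(const char *msg)
{
    fprintf(stderr, "%s\n", msg);
}

/* Build the message the fixed reporter would print, so the result can be
 * checked without capturing stderr. Returns the length written, or -1 if
 * the buffer is too small. */
int format_error_message(char *out, size_t outsz, const char *filename)
{
    int n = snprintf(out, outsz, "Could not open file '%s'", filename);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* Audit helper: does an untrusted string contain a conversion
 * specification (a '%' that is not the escape "%%")? Such strings must
 * never be passed as the format argument of a printf-style function. */
int has_conversion_spec(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    const char *name = "diagram-%s-%x.bmp";   /* constructed sample name */
    if (format_error_message(buf, sizeof buf, name) > 0)
        report_error_safe(buf);               /* prints the '%' literally */
    printf("contains conversion spec: %d\n", has_conversion_spec(name));
    (void)report_error_unsafe;                /* shown, deliberately unused */
    return 0;
}
```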
