Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2009-0316

CVE-2009-0316

UNKNOWN

Untrusted search path vulnerability in src/if_python

Published Jan 28, 2009

Modified 1 years ago

Details

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://support.apple.com/kb/HT4077

http://www.mandriva.com/security/advisories?name=MDVSA-2009:047

http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html

http://www.openwall.com/lists/oss-security/2009/01/26/2

http://www.securityfocus.com/bid/33447

https://bugzilla.redhat.com/show_bug.cgi?id=481565

https://exchange.xforce.ibmcloud.com/vulnerabilities/48275

https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045

https://www.cve.org/CVERecord?id=CVE-2009-0316

CVSS Analysis

CVSS v2.0

6.9

Exploitability

Access Vector

LocalAV:L

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedJan 28, 2009

ModifiedAug 7, 2024

CVE-2009-0316 | Mondoo Vulnerability Intelligence