[VIM] CVE-2007-3242 (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Jun 20 19:59:55 UTC 2007


Just after forwarding the email, I noticed this from the code the
developer mentioned:

> 	unless ($input_to_check =~ /^[\w  \:\.\/?-]/ ){
> 	error("You entered an invalid character. You may only enter letters,
> slashes, numbers, underscores, spaces, periodes, points, questions marks
> and hyphens. Kindly try again.");

This appears to be a poorly anchored regexp that only checks the first
character, so theoretically, the following would count as valid:

  A<script>alert('VALID');</script>

I have an inquiry into the developer about this suspicious code, which I
would imagine would be in heavy use in their application.

- Steve


More information about the VIM mailing list