[VIM] Keyword Replacer plugin RFI seems to be fixed
Steven M. Christey
coley at mitre.org
Sat Mar 3 21:30:11 EST 2007
Ref: http://milw0rm.com/exploits/2528
Vector: addon_keywordreplacer.php?pathToFiles

SECUNIA:22401 states "the vulnerability is confirmed in the release
from 29/05/2006."

Downloading the ZIP file mentioned in the disclosure, we see that
addon_keywordreplacer.php is dated Oct 25, 2006 - about 2 weeks after
the initial milw0rm post.

The first line is now:

    if (!defined('INCLUDED776')) die ('Fatal error.');

I don't have an older version to compare it to, so I don't know if the
original disclosure was just grep-and-gripe.

- Steve
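
Added example, not part of the original post and not the plugin's code: a small triage check that reports whether a PHP file's defined-constant guard, of the form quoted above, comes before the first include/require that takes a variable. Only the guard line and the pathToFiles name come from the post; the include statements and "settings.php" in the samples are constructed assumptions.

```python
import re

# Guard of the form quoted in the post: if (!defined('NAME')) die(...);
GUARD = re.compile(
    r"if\s*\(\s*!\s*defined\s*\(\s*['\"](\w+)['\"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b",
    re.IGNORECASE)
# include/require whose argument contains a variable, e.g. $pathToFiles
DYN_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*?\$(\w+)[^;]*;", re.IGNORECASE)
# Crude comment stripper; it does not understand string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def classify(php_source):
    """Return (status, guard_constant, include_variable) for one PHP file."""
    code = COMMENTS.sub("", php_source)
    inc = DYN_INCLUDE.search(code)
    if inc is None:
        return ("no-dynamic-include", None, None)
    guard = GUARD.search(code)
    # The guard only helps if it runs before the variable-driven include.
    if guard and guard.start() < inc.start():
        return ("guarded", guard.group(1), inc.group(1))
    return ("unguarded", None, inc.group(1))


# Constructed samples. Only the guard line comes from the post; the include
# statements and the file name 'settings.php' are hypothetical.
GUARD_LINE = "if (!defined('INCLUDED776')) die ('Fatal error.');\n"
SAMPLES = {
    "fixed": "<?php\n" + GUARD_LINE
             + "include($pathToFiles . 'settings.php');\n",
    "no_guard": "<?php\ninclude($pathToFiles . 'settings.php');\n",
    "late_guard": "<?php\ninclude($pathToFiles . 'settings.php');\n"
                  + GUARD_LINE,
    "commented_guard": "<?php\n// " + GUARD_LINE
                       + "require_once $pathToFiles . 'settings.php';\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, classify(src))
```

A "guarded" result only says the guard precedes the include in the file being checked; it says nothing about whether an earlier release lacked it.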