[VIM] Keyword Replacer plugin RFI seems to be fixed

Steven M. Christey coley at mitre.org
Sat Mar 3 21:30:11 EST 2007

Ref: http://milw0rm.com/exploits/2528

Vector: addon_keywordreplacer.php?pathToFiles

SECUNIA:22401 states "the vulnerability is confirmed in the release
from 29/05/2006."

Downloading the ZIP file mentioned in the disclosure, we see that
addon_keywordreplacer.php is dated Oct 25, 2006 - about 2 weeks after
the initial milw0rm post.

The first line is now:

  if (!defined('INCLUDED776')) die ('Fatal error.');

I don't have an older version to compare it to, so I don't know if the
original disclosure was just grep-and-gripe.

- Steve

More information about the VIM mailing list