Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
3. vim: Vim: Arbitrary code execution via crafted file
A flaw was found in Vim. This vulnerability allows an attacker to execute malicious code on a user's system. This occurs when a user opens a specially crafted file, leading to immediate code execution due to a vulnerability in how Vim handles expressions within its tabpanel feature.