EASE 2024
Tue 18 - Fri 21 June 2024 Salerno, Italy
Thu 20 Jun 2024 10:15 - 10:20 at Room Vietri - Lightning talks of the posters Chair(s): Anna Rita Fasolino

Software vulnerabilities are flaws in a product that compromise system security. In large software systems, developers struggle to pinpoint the vulnerable statements within vulnerable functions when new vulnerabilities arise. Existing research underutilizes vulnerability reports, which can provide crucial contextual information for identifying vulnerable functions and their corresponding statements in source code. This paper introduces an information retrieval-based approach named Vulnerable Functions and Statements Detector (VFSDetector), aimed at identifying vulnerable functions and pinpointing vulnerable statements within source code using vulnerability reports. VFSDetector ranks candidate functions by comparing the textual content of a vulnerability report corpus with a source code corpus, using a modification of the conventional Vector Space Model termed the revised Vector Space Model (rVSM). The effectiveness of this methodology is initially evaluated on 10 vulnerability reports from seven prominent open-source projects. Results indicate that VFSDetector ranks the genuine vulnerable function first in 40% of cases and pinpoints the vulnerable statement exactly in 20% of cases. Furthermore, it places the actual vulnerable function within the top five ranks in 90% of cases and the vulnerable statement within the top five in 70% of cases. It ranks vulnerable functions within the top seven and vulnerable statements within the top fifteen for all analyzed reports. Consequently, developers can leverage these rankings to accelerate the implementation of patches for the specific statements of vulnerable functions.
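The two-stage retrieval described in the abstract (rank functions against a report, then rank statements inside the best-ranked function) can be illustrated with a small vector-space model. The code below is an added example, not the authors' VFSDetector implementation; the report text and the three C functions are constructed, and the rVSM details (log-scaled TF-IDF with a logistic document-length boost, as in the BugLocator line of work) are an assumption about what "revised VSM" denotes, since the abstract does not spell them out. The statement stage deliberately shows the weaker case the paper measures with top-k ranks: the `memcpy` line lands second, behind the line that shares the most report vocabulary.

```python
import math
import re
from collections import Counter

# English function words and C keywords that carry no signal when matching
# report prose against code (assumed stop list for this example).
STOP = {"the", "a", "an", "in", "of", "into", "when", "and", "to", "is",
        "without", "int", "const", "char", "void", "return", "if", "for"}

# Constructed sample data (not from the paper): one vulnerability report and
# three candidate functions of a hypothetical C service.
REPORT = ("Heap buffer overflow in parse_header: memcpy copies the "
          "attacker-controlled Content-Length value into buf without a bounds check.")

FUNCTIONS = {
    "parse_header": [
        "int parse_header(const char *hdr, size_t len) {",
        "    char buf[256];",
        "    size_t n = header_value_length(hdr, \"Content-Length\");",
        "    memcpy(buf, hdr, n);",
        "    return 0;",
        "}",
    ],
    "send_response": [
        "int send_response(int fd, const char *body) {",
        "    size_t n = strlen(body);",
        "    write(fd, body, n);",
        "    return 0;",
        "}",
    ],
    "log_request": [
        "void log_request(const char *path) {",
        "    fprintf(stderr, \"request: %s\\n\", path);",
        "}",
    ],
}


def tokenize(text):
    """Lower-case, split identifiers on camelCase/underscores, drop stop words."""
    text = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", text)   # camelCase -> camel Case
    tokens = re.findall(r"[A-Za-z]+", text)               # also splits on '_' and digits
    return [t.lower() for t in tokens if len(t) > 2 and t.lower() not in STOP]


def tf_idf_vectors(docs):
    """Log-scaled tf * idf for each document in docs (name -> text)."""
    counts = {name: Counter(tokenize(text)) for name, text in docs.items()}
    df = Counter()
    for c in counts.values():
        df.update(c.keys())
    idf = {term: math.log(1 + len(docs) / d) for term, d in df.items()}
    vectors = {name: {t: (1 + math.log(f)) * idf[t] for t, f in c.items()}
               for name, c in counts.items()}
    return vectors, idf


def query_vector(text, idf):
    """Vectorize the report with the corpus idf; unseen terms contribute nothing."""
    c = Counter(tokenize(text))
    return {t: (1 + math.log(f)) * idf[t] for t, f in c.items() if t in idf}


def cosine(u, v):
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def length_factor(n_terms, lo, hi):
    """rVSM-style boost: logistic function of min-max normalised document length."""
    norm = (n_terms - lo) / (hi - lo) if hi > lo else 0.0
    return 1.0 / (1.0 + math.exp(-norm))


def rank(report, docs, length_bias):
    """Score every doc against the report; length bias is used at function level only."""
    vectors, idf = tf_idf_vectors(docs)
    q = query_vector(report, idf)
    lengths = {name: len(tokenize(text)) for name, text in docs.items()}
    lo, hi = min(lengths.values()), max(lengths.values())
    scored = []
    for name, vec in vectors.items():
        s = cosine(q, vec)
        if length_bias:
            s *= length_factor(lengths[name], lo, hi)
        scored.append((name, round(s, 4)))
    return sorted(scored, key=lambda x: x[1], reverse=True)


def locate(report, functions):
    """Two-stage retrieval: rank functions, then rank statements of the top one."""
    func_ranking = rank(report, {n: "\n".join(b) for n, b in functions.items()}, True)
    top = func_ranking[0][0]
    # Each non-empty statement becomes its own document, keyed by line and text.
    stmts = {f"L{i + 1}: {s.strip()}": s
             for i, s in enumerate(functions[top]) if tokenize(s)}
    return func_ranking, top, rank(report, stmts, False)


if __name__ == "__main__":
    funcs, top, stmts = locate(REPORT, FUNCTIONS)
    print("function ranking:", funcs)
    print("statement ranking inside", top)
    for key, score in stmts:
        print(f"  {score:.3f}  {key}")
```

Only `parse_header` shares vocabulary with the report, so it is ranked first and the other two functions score zero; inside it, the `header_value_length` line outranks the `memcpy` line because it matches more report terms, which is exactly the kind of near miss that makes top-k rather than top-1 the practical metric for statement-level localisation.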

Thu 20 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

10:10 - 10:30
Lightning talks of the posters (Posters) at Room Vietri
Chair(s): Anna Rita Fasolino Federico II University of Naples
10:10
5m
Introduction
Posters
Anna Rita Fasolino Federico II University of Naples
10:15
5m
Talk
Automated Software Vulnerability Detection in Statement Level using Vulnerability Reports
Posters
Rabaya Sultana Mim Institute of Information Technology, University of Dhaka, Toukir Ahammed Institute of Information Technology, University of Dhaka, Kazi Sakib Institute of Information Technology, University of Dhaka
10:20
5m
Talk
Automatic detection and correction of code errors applying machine learning - current research state
Posters
Aneta Poniszewska-Maranda Institute of Information Technology, Lodz University of Technology, Wiktoria Sarniak Institute of Information Technology, Lodz University of Technology, Marcin Cegielski Institute of Information Technology, Lodz University of Technology
10:25
5m
Talk
New experimental design to capture bias using LLM to validate security threats
Posters
Winnie Bahati Mbaka Vrije Universiteit