QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2712

Published: Jun 16, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.vmware.com/security/advisories/VMSA-2009-0004.html

x_refsource_CONFIRM

SUSE-SR:2009:007

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

http://www.rdancer.org/vulnerablevim.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

oval:org.mitre.oval:def:6238

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_BID

vim-scripts-command-execution(43083)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2010-03-29-1

vendor-advisory

x_refsource_APPLE

vendor-advisory

x_refsource_REDHAT

http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

20080811 rPSA-2008-0247-1 gvim vim vim-minimal

mailing-list

x_refsource_BUGTRAQ

20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:11109

vdb-entry

signature

x_refsource_OVAL

20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

mailing-list

x_refsource_BUGTRAQ

[oss-security] 20080616 CVE Id request: vim

mailing-list

x_refsource_MLIST

20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_VUPEN

http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://support.apple.com/kb/HT4077

x_refsource_CONFIRM

https://issues.rpath.com/browse/RPL-2622

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_VUPEN

[oss-security] 20081015 Vim CVE issues cleanup (plugins tar.vim, zip.vim) - CVE-2008-3074 and CVE-2008-3075

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

APPLE-SA-2008-10-09

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT3216

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://wiki.rpath.com/Advisories:rPSA-2008-0247

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.