CVE-2008-2712

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2008-2712

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-2712.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-2712

Related

Published

2008-06-16T21:41:00Z

Modified

2024-11-21T00:47:31Z

Summary

[none]

Details

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

References

Affected packages

Debian:11 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.1.314-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.1.314-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.1.314-3

Ecosystem specific

{
    "urgency": "low"
}