CVE-2008-2712 Information

Description

Vim 7.1.314, 6.4, and other versions allow user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Reference

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://marc.info/?l=bugtraq&m=121494431426308&w=2
http://secunia.com/advisories/30731
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://secunia.com/advisories/34418
http://securityreason.com/securityalert/3951
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT4077
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0247
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.openwall.com/lists/oss-security/2008/06/16/2
http://www.openwall.com/lists/oss-security/2008/10/15/1
http://www.rdancer.org/vulnerablevim.html
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securityfocus.com/archive/1/493352/100/0/threaded
http://www.securityfocus.com/archive/1/493353/100/0/threaded
http://www.securityfocus.com/archive/1/495319/100/0/threaded
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/29715
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020293
http://www.ubuntu.com/usn/USN-712-1
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/1851/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
https://issues.rpath.com/browse/RPL-2622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
