Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2008-2712
Description:Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Test IDs: 1.3.6.1.4.1.25623.1.0.63500   1.3.6.1.4.1.25623.1.0.61187   1.3.6.1.4.1.25623.1.0.122541  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2008-2712
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 29715
http://www.securityfocus.com/bid/29715
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Bugtraq: 20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://www.securityfocus.com/archive/1/493353/100/0/threaded
Bugtraq: 20080701 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1 (Google Search)
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Bugtraq: 20080811 rPSA-2008-0247-1 gvim vim vim-minimal (Google Search)
http://www.securityfocus.com/archive/1/495319/100/0/threaded
Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search)
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.rdancer.org/vulnerablevim.html
http://www.openwall.com/lists/oss-security/2008/06/16/2
http://www.openwall.com/lists/oss-security/2008/10/15/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
RedHat Security Advisories: RHSA-2008:0580
http://www.redhat.com/support/errata/RHSA-2008-0580.html
RedHat Security Advisories: RHSA-2008:0617
http://www.redhat.com/support/errata/RHSA-2008-0617.html
RedHat Security Advisories: RHSA-2008:0618
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securitytracker.com/id?1020293
http://secunia.com/advisories/30731
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://secunia.com/advisories/34418
http://securityreason.com/securityalert/3951
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://www.ubuntu.com/usn/USN-712-1
http://www.vupen.com/english/advisories/2008/1851/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
XForce ISS Database: vim-scripts-command-execution(43083)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083




© 1998-2024 E-Soft Inc. All rights reserved.