Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2712

Опубликовано: 16 июн. 2008
Источник: nvd
CVSS2: 9.3
EPSS Средний

Описание

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Версия до 6.4 (включая)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Версия от 7.0 (включая) до 7.1.314 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.11919
Средний

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2008-2712

ubuntu
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

redhat логотип

CVE-2008-2712

redhat
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

debian логотип

CVE-2008-2712

debian
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...

github логотип

GHSA-j8hm-6qv5-gj2w

github
около 3 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

oracle-oval логотип

ELSA-2008-0580

oracle-oval
больше 16 лет назад

ELSA-2008-0580: vim security update (MODERATE)

EPSS

Процентиль: 93%
0.11919
Средний

9.3 Critical

CVSS2

Дефекты

CWE-20