Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-2712

Опубликовано: 16 июн. 2008
Источник: ubuntu
Приоритет: medium
CVSS2: 9.3

Описание

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

РелизСтатусПримечание
dapper

released

1:6.4-006+2ubuntu6.2
devel

released

1:7.1.314-3ubuntu1
feisty

ignored

end of life, was needed
gutsy

released

1:7.1-056+2ubuntu2.1
hardy

released

1:7.1-138+1ubuntu3.1
intrepid

released

1:7.1.314-3ubuntu1
upstream

released

1:7.1.314-3

Показывать по

Ссылки на источники

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2008-2712

redhat
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

nvd логотип

CVE-2008-2712

nvd
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

debian логотип

CVE-2008-2712

debian
около 17 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...

github логотип

GHSA-j8hm-6qv5-gj2w

github
около 3 лет назад

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

oracle-oval логотип

ELSA-2008-0580

oracle-oval
больше 16 лет назад

ELSA-2008-0580: vim security update (MODERATE)

9.3 Critical

CVSS2

Уязвимость CVE-2008-2712