Lucene search

K

[email protected]CVE-2007-2953

HistoryJul 31, 2007 - 10:17 a.m.

CVE-2007-2953

2007-07-3110:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

28

cve-2007-2953

vulnerability

vim

format string

helptags command

nvd

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.278 Low

EPSS

Percentile

96.8%

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

CPENameOperatorVersion
vim_development_group:vimvim development group vimeq7.1
vim_development_group:vimvim development group vimle6.4
vim_development_group:vimvim development group vimeq7.0
vim_development_group:vimvim development group vimeq7.1.38

References

ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039

secunia.com/advisories/25941

secunia.com/advisories/26285

secunia.com/advisories/26522

secunia.com/advisories/26594

secunia.com/advisories/26653

secunia.com/advisories/26674

secunia.com/advisories/26822

secunia.com/advisories/32858

secunia.com/advisories/33410

secunia.com/secunia_research/2007-66/advisory/

support.avaya.com/elmodocs2/security/ASA-2009-001.htm

www.attrition.org/pipermail/vim/2007-August/001770.html

www.debian.org/security/2007/dsa-1364

www.mandriva.com/security/advisories?name=MDKSA-2007:168

www.mandriva.com/security/advisories?name=MDVSA-2008:236

www.novell.com/linux/security/advisories/2007_18_sr.html

www.redhat.com/support/errata/RHSA-2008-0580.html

www.redhat.com/support/errata/RHSA-2008-0617.html

www.securityfocus.com/archive/1/475076/100/100/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/25095

www.trustix.org/errata/2007/0026/

www.ubuntu.com/usn/usn-505-1

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2007/2687

www.vupen.com/english/advisories/2009/0033

www.vupen.com/english/advisories/2009/0904

exchange.xforce.ibmcloud.com/vulnerabilities/35655

issues.rpath.com/browse/RPL-1595

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11549

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6463

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.278 Low

EPSS

Percentile

96.8%

Related for CVE-2007-2953

openvas25 nessus17 veracode1 prion1 ubuntucve1 seebug1 ubuntu1 freebsd1 debiancve1 osv2 debian2 oraclelinux2 centos2 redhat2 vmware2