AI Score: 7.3 High (Confidence: Low)

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.011 Low (Percentile: 83.8%)

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

CPE

Name | Operator | Version
---|---|---
ubuntu_linux | eq | 6.06
ubuntu_linux | eq | 7.10
ubuntu_linux | eq | 8.04
ubuntu_linux | eq | 8.10
vim | le | 6.4
vim | ge | 7.0
vim | le | 7.1.314

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
secunia.com/advisories/30731
secunia.com/advisories/32222
secunia.com/advisories/32858
secunia.com/advisories/32864
secunia.com/advisories/33410
secunia.com/advisories/34418
securityreason.com/securityalert/3951
support.apple.com/kb/HT3216
support.apple.com/kb/HT4077
support.avaya.com/elmodocs2/security/ASA-2008-457.htm
support.avaya.com/elmodocs2/security/ASA-2009-001.htm
wiki.rpath.com/Advisories:rPSA-2008-0247
www.mandriva.com/security/advisories?name=MDVSA-2008:236
www.openwall.com/lists/oss-security/2008/06/16/2
www.openwall.com/lists/oss-security/2008/10/15/1
www.rdancer.org/vulnerablevim.html
www.redhat.com/support/errata/RHSA-2008-0580.html
www.redhat.com/support/errata/RHSA-2008-0617.html
www.redhat.com/support/errata/RHSA-2008-0618.html
www.securityfocus.com/archive/1/493352/100/0/threaded
www.securityfocus.com/archive/1/493353/100/0/threaded
www.securityfocus.com/archive/1/495319/100/0/threaded
www.securityfocus.com/archive/1/502322/100/0/threaded
www.securityfocus.com/bid/29715
www.securityfocus.com/bid/31681
www.securitytracker.com/id?1020293
www.ubuntu.com/usn/USN-712-1
www.vmware.com/security/advisories/VMSA-2009-0004.html
www.vupen.com/english/advisories/2008/1851/references
www.vupen.com/english/advisories/2008/2780
www.vupen.com/english/advisories/2009/0033
www.vupen.com/english/advisories/2009/0904
exchange.xforce.ibmcloud.com/vulnerabilities/43083
issues.rpath.com/browse/RPL-2622
marc.info/?l=bugtraq&m=121494431426308&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238