Lucene search

PRIOn knowledge basePRION:CVE-2008-4101

HistorySep 18, 2008 - 5:59 p.m.

Code injection

2008-09-1817:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a “;” (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) “Ctrl-]” (control close-square-bracket) or (3) “g]” (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CPENameOperatorVersion
vimeq5.7
vimeq6.4
vimeq3.0
vimeq6.3
vimeq5.4
vimeq7.1
vimeq7.0
vimle7.2
vimeq5.2
vimeq5.3

Name	Operator	Version
vim	eq	5.7
vim	eq	6.4
vim	eq	3.0
vim	eq	6.3
vim	eq	5.4
vim	eq	7.1
vim	eq	7.0
vim	le	7.2
vim	eq	5.2
vim	eq	5.3

Rows per page:

1-10 of 191

References

ftp.vim.org/pub/vim/patches/7.2/7.2.010

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

secunia.com/advisories/31592

secunia.com/advisories/32222

secunia.com/advisories/32858

secunia.com/advisories/32864

secunia.com/advisories/33410

support.apple.com/kb/HT3216

support.apple.com/kb/HT4077

support.avaya.com/elmodocs2/security/ASA-2008-457.htm

support.avaya.com/elmodocs2/security/ASA-2009-001.htm

www.mandriva.com/security/advisories?name=MDVSA-2008:236

www.openwall.com/lists/oss-security/2008/09/11/3

www.openwall.com/lists/oss-security/2008/09/11/4

www.openwall.com/lists/oss-security/2008/09/16/5

www.openwall.com/lists/oss-security/2008/09/16/6

www.rdancer.org/vulnerablevim-K.html

www.redhat.com/support/errata/RHSA-2008-0580.html

www.redhat.com/support/errata/RHSA-2008-0617.html

www.redhat.com/support/errata/RHSA-2008-0618.html

www.securityfocus.com/archive/1/495662

www.securityfocus.com/archive/1/495703

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/30795

www.securityfocus.com/bid/31681

www.ubuntu.com/usn/USN-712-1

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2009/0033

www.vupen.com/english/advisories/2009/0904

bugzilla.redhat.com/show_bug.cgi?id=461927

exchange.xforce.ibmcloud.com/vulnerabilities/44626

groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2

groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2

groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e

groups.google.com/group/vim_dev/msg/9290f26f9bc11b33

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812