CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.175 Low
Percentile: 95.6%

Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim’s keyword and tag
handling. If Vim looked up a document’s maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

A heap-based overflow flaw was discovered in Vim’s expansion of file name
patterns with shell wildcards. An attacker could create a specially-crafted
file or directory name that, when opened by Vim, caused the application to
crash or, possibly, execute arbitrary code. (CVE-2008-3432)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim’s help tag processor. If a user was tricked into executing the
“helptags” command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ppc | vim-x11 | < 6.3.046-1.el4_7.5z | vim-X11-6.3.046-1.el4_7.5z.ppc.rpm |
RedHat | 4 | i386 | vim-common | < 6.3.046-1.el4_7.5z | vim-common-6.3.046-1.el4_7.5z.i386.rpm |
RedHat | 4 | src | vim | < 6.3.046-1.el4_7.5z | vim-6.3.046-1.el4_7.5z.src.rpm |
RedHat | 4 | ppc | vim-common | < 6.3.046-1.el4_7.5z | vim-common-6.3.046-1.el4_7.5z.ppc.rpm |
RedHat | 4 | s390x | vim-x11 | < 6.3.046-1.el4_7.5z | vim-X11-6.3.046-1.el4_7.5z.s390x.rpm |
RedHat | 4 | i386 | vim-x11 | < 6.3.046-1.el4_7.5z | vim-X11-6.3.046-1.el4_7.5z.i386.rpm |
RedHat | 4 | s390x | vim-minimal | < 6.3.046-1.el4_7.5z | vim-minimal-6.3.046-1.el4_7.5z.s390x.rpm |
RedHat | 4 | s390 | vim-minimal | < 6.3.046-1.el4_7.5z | vim-minimal-6.3.046-1.el4_7.5z.s390.rpm |
RedHat | 4 | s390 | vim-enhanced | < 6.3.046-1.el4_7.5z | vim-enhanced-6.3.046-1.el4_7.5z.s390.rpm |
RedHat | 4 | x86_64 | vim-common | < 6.3.046-1.el4_7.5z | vim-common-6.3.046-1.el4_7.5z.x86_64.rpm |