CVE-2008-2712

2008-06-1600:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

83.9%

JSON

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers
to execute arbitrary commands via Vim scripts that do not properly sanitize
inputs before invoking the execute or system functions, as demonstrated
using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE:
the originally reported version was 7.1.314, but the researcher actually
found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally
vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchvim< 1:6.4-006+2ubuntu6.2UNKNOWN
ubuntu7.10noarchvim< 1:7.1-056+2ubuntu2.1UNKNOWN
ubuntu8.04noarchvim< 1:7.1-138+1ubuntu3.1UNKNOWN
ubuntu8.10noarchvim< 1:7.1.314-3ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	vim	< 1:6.4-006+2ubuntu6.2	UNKNOWN
ubuntu	7.10	noarch	vim	< 1:7.1-056+2ubuntu2.1	UNKNOWN
ubuntu	8.04	noarch	vim	< 1:7.1-138+1ubuntu3.1	UNKNOWN
ubuntu	8.10	noarch	vim	< 1:7.1.314-3ubuntu1	UNKNOWN