CVE-2008-4101

2008-09-1800:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

68.5%

JSON

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters,
which allows user-assisted attackers to (1) execute arbitrary shell
commands by entering a K keystroke on a line that contains a “;”
(semicolon) followed by a command, or execute arbitrary Ex commands by
entering an argument after a (2) “Ctrl-]” (control close-square-bracket) or
(3) “g]” (g close-square-bracket) keystroke sequence, a different issue
than CVE-2008-2712.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchvim< 1:6.4-006+2ubuntu6.2UNKNOWN
ubuntu7.10noarchvim< 1:7.1-056+2ubuntu2.1UNKNOWN
ubuntu8.04noarchvim< 1:7.1-138+1ubuntu3.1UNKNOWN
ubuntu8.10noarchvim< 1:7.1.314-3ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	vim	< 1:6.4-006+2ubuntu6.2	UNKNOWN
ubuntu	7.10	noarch	vim	< 1:7.1-056+2ubuntu2.1	UNKNOWN
ubuntu	8.04	noarch	vim	< 1:7.1-138+1ubuntu3.1	UNKNOWN
ubuntu	8.10	noarch	vim	< 1:7.1.314-3ubuntu3.1	UNKNOWN