Veracode Vulnerability DatabaseVERACODE:23406Arbitrary Code Execution
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
vim is vulnerable to arbitrary code execution. The vulnerability exists as a security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vim | eq | 7.0.109__3.el5.3 | |
| vim | eq | 7.0.109__3.el5.3 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
marc.info/?l=bugtraq&m=121494431426308&w=2
secunia.com/advisories/34418
wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
www.mandriva.com/security/advisories?name=MDVSA-2008:236
www.openwall.com/lists/oss-security/2008/07/07/1
www.openwall.com/lists/oss-security/2008/07/07/4
www.openwall.com/lists/oss-security/2008/07/08/12
www.openwall.com/lists/oss-security/2008/07/10/7
www.openwall.com/lists/oss-security/2008/07/13/1
www.openwall.com/lists/oss-security/2008/07/15/4
www.openwall.com/lists/oss-security/2008/08/01/1
www.openwall.com/lists/oss-security/2008/10/15/1
www.openwall.com/lists/oss-security/2008/10/20/2
www.rdancer.org/vulnerablevim.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0580.html
www.securityfocus.com/bid/32463
access.redhat.com/errata/RHSA-2008:0580
bugzilla.redhat.com/show_bug.cgi?id=467432
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10246
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C