Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Published

2008-06-16T21:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vim	vim	≤ 6.4	Yes
Application	vim	vim	≤ 7.1.314	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes

References

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=121494431426308&w=2 Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/30731 Third Party Advisory ([email protected])
http://secunia.com/advisories/32222 Third Party Advisory ([email protected])
http://secunia.com/advisories/32858 Third Party Advisory ([email protected])
http://secunia.com/advisories/32864 Third Party Advisory ([email protected])
http://secunia.com/advisories/33410 Third Party Advisory ([email protected])
http://secunia.com/advisories/34418 Third Party Advisory ([email protected])
http://securityreason.com/securityalert/3951 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT3216 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT4077 Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm Third Party Advisory ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2008-0247 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2008/06/16/2 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2008/10/15/1 Mailing List, Third Party Advisory ([email protected])
http://www.rdancer.org/vulnerablevim.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0580.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0617.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0618.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/493352/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/493353/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/495319/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/502322/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/29715 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/31681 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1020293 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-712-1 Third Party Advisory ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0004.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1851/references Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0033 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0904 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-2622 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238 Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=121494431426308&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30731 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32222 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32858 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32864 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33410 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34418 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3951 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4077 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2008-0247 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/06/16/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2008/10/15/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.rdancer.org/vulnerablevim.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0580.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0617.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0618.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493352/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493353/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/495319/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/502322/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/29715 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31681 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1020293 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-712-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0004.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1851/references Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2780 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0033 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0904 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2622 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)