CVE-2008-2712

NONECVSS 0.0

0.0

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

🔗 References (80)

cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cve@mitrehttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
cve@mitrehttp://marc.info/?l=bugtraq&m=121494431426308&w=2
cve@mitrehttp://secunia.com/advisories/30731
cve@mitrehttp://secunia.com/advisories/32222
cve@mitrehttp://secunia.com/advisories/32858
cve@mitrehttp://secunia.com/advisories/32864
cve@mitrehttp://secunia.com/advisories/33410
cve@mitrehttp://secunia.com/advisories/34418
cve@mitrehttp://securityreason.com/securityalert/3951
cve@mitrehttp://support.apple.com/kb/HT3216
cve@mitrehttp://support.apple.com/kb/HT4077
cve@mitrehttp://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
cve@mitrehttp://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

Is Your Infrastructure Affected by CVE-2008-2712?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-2712

📅 Published

🔄 Last Modified

🔗 References (80)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-2712?