CVE-2008-4101

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

🔗 References (78)

• cve@mitrehttp://ftp.vim.org/pub/vim/patches/7.2/7.2.010
• cve@mitrehttp://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
• cve@mitrehttp://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
• cve@mitrehttp://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
• cve@mitrehttp://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
• cve@mitrehttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• cve@mitrehttp://secunia.com/advisories/31592
• cve@mitrehttp://secunia.com/advisories/32222
• cve@mitrehttp://secunia.com/advisories/32858
• cve@mitrehttp://secunia.com/advisories/32864
• cve@mitrehttp://secunia.com/advisories/33410
• cve@mitrehttp://support.apple.com/kb/HT3216
• cve@mitrehttp://support.apple.com/kb/HT4077
• cve@mitrehttp://support.avaya.com/elmodocs2/security/ASA-2008-457.htm