9.3

CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VimVim Version <= 6.4
VimVim Version >= 7.0 <= 7.1.314
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.04% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4077
Third Party Advisory
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/32222
Third Party Advisory
http://support.apple.com/kb/HT3216
Third Party Advisory
http://www.securityfocus.com/bid/31681
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2780
Third Party Advisory
http://secunia.com/advisories/32858
Third Party Advisory
http://secunia.com/advisories/33410
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0580.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0617.html
Third Party Advisory
http://www.securityfocus.com/archive/1/502322/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0033
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0904
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
Third Party Advisory
http://secunia.com/advisories/34418
Third Party Advisory
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/30731
Third Party Advisory
http://secunia.com/advisories/32864
Third Party Advisory
http://securityreason.com/securityalert/3951
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247
Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/06/16/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2008/10/15/1
Third Party Advisory
Mailing List
http://www.rdancer.org/vulnerablevim.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0618.html
Third Party Advisory
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/493353/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/495319/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29715
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020293
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-712-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1851/references
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Third Party Advisory
VDB Entry
https://issues.rpath.com/browse/RPL-2622
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
Third Party Advisory