9.3

CVE-2008-4101

Exploit
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VimVim Version <= 7.2
VimVim Version3.0
VimVim Version4.0
VimVim Version5.0
VimVim Version5.1
VimVim Version5.2
VimVim Version5.3
VimVim Version5.4
VimVim Version5.5
VimVim Version5.6
VimVim Version5.7
VimVim Version5.8
VimVim Version6.0
VimVim Version6.1
VimVim Version6.2
VimVim Version6.3
VimVim Version6.4
VimVim Version7.0
VimVim Version7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.21% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/2780
http://secunia.com/advisories/32858
http://secunia.com/advisories/33410
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
http://secunia.com/advisories/32864
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.ubuntu.com/usn/USN-712-1
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
Exploit
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
Patch
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
Exploit
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
Patch
http://secunia.com/advisories/31592
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://www.rdancer.org/vulnerablevim-K.html
http://www.securityfocus.com/archive/1/495662
http://www.securityfocus.com/archive/1/495703
http://www.securityfocus.com/bid/30795
https://bugzilla.redhat.com/show_bug.cgi?id=461927
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812