CVE-2008-4101

Exploit

EPSS 11.43%
Veröffentlicht 18.09.2008 17:59:32
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 42

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vim ≫ Vim Version <= 7.2

Vim ≫ Vim Version3.0

Vim ≫ Vim Version4.0

Vim ≫ Vim Version5.0

Vim ≫ Vim Version5.1

Vim ≫ Vim Version5.2

Vim ≫ Vim Version5.3

Vim ≫ Vim Version5.4

Vim ≫ Vim Version5.5

Vim ≫ Vim Version5.6

Vim ≫ Vim Version5.7

Vim ≫ Vim Version5.8

Vim ≫ Vim Version6.0

Vim ≫ Vim Version6.1

Vim ≫ Vim Version6.2

Vim ≫ Vim Version6.3

Vim ≫ Vim Version6.4

Vim ≫ Vim Version7.0

Vim ≫ Vim Version7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.43%	0.933

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://support.apple.com/kb/HT4077

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://secunia.com/advisories/32222

http://support.apple.com/kb/HT3216

http://www.securityfocus.com/bid/31681

http://www.vupen.com/english/advisories/2008/2780

http://secunia.com/advisories/32858

http://secunia.com/advisories/33410

http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

http://www.mandriva.com/security/advisories?name=MDVSA-2008:236

http://www.redhat.com/support/errata/RHSA-2008-0580.html