CVE-2008-2712 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-2712
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2712

Description: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43083 ST 1020293 SAID Secunia Advisory: SA30731 Secunia Advisory: SA32222 MLIST http://www.openwall.com/lists/oss-security/2008/06/16/2 MISC http://www.rdancer.org/vulnerablevim.html CONFIRM http://support.apple.com/kb/HT3216 http://wiki.rpath.com/Advisories:rPSA-2008-0247 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/495319/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/493353/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/493352/100/0/threaded BID 31681 29715 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Return to the previous page.