CVE-2008-2712 - Vulnerability Details

- vim: command execution via scripts not sanitizing inputs to execute and system

Description

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Published: 2008-06-16

Score: 9.3 Critical

EPSS: 17.0% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:vim:vim::::::::
	cpe:2.3:a:vim:vim::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
vim-1:6.0-7.25	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0618	2008-11-25T00:00:00Z
Red Hat Enterprise Linux 3
vim-1:6.3.046-0.30E.11	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0617	2008-11-25T00:00:00Z
Red Hat Enterprise Linux 4
vim-1:6.3.046-1.el4_7.5z	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0617	2008-11-25T00:00:00Z
Red Hat Enterprise Linux 5
vim-2:7.0.109-4.el5_2.4z	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0580	2008-11-25T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-1733-1	New vim packages fix multiple vulnerabilities
EUVD	EUVD-2008-2706	Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Ubuntu USN	USN-712-1	Vim vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.16974.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://marc.info/?l=bugtraq&m=121494431426308&w=2
http://secunia.com/advisories/30731
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://secunia.com/advisories/34418
http://securityreason.com/securityalert/3951
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT4077
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0247
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.openwall.com/lists/oss-security/2008/06/16/2
http://www.openwall.com/lists/oss-security/2008/10/15/1
http://www.rdancer.org/vulnerablevim.html
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securityfocus.com/archive/1/493352/100/0/threaded
http://www.securityfocus.com/archive/1/493353/100/0/threaded
http://www.securityfocus.com/archive/1/495319/100/0/threaded
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/29715
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020293
http://www.ubuntu.com/usn/USN-712-1
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/1851/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
https://issues.rpath.com/browse/RPL-2622
https://nvd.nist.gov/vuln/detail/CVE-2008-2712
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
https://www.cve.org/CVERecord?id=CVE-2008-2712

History

No history.

Subscriptions

Canonical Ubuntu Linux

Redhat Enterprise Linux

Vim Vim

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-16T21:00:00.000Z

Updated: 2024-08-07T09:14:14.550Z

Reserved: 2008-06-16T00:00:00.000Z

Link: CVE-2008-2712

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-16T21:41:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-2712

Redhat

Severity : Moderate

Publid Date: 2008-06-15T00:00:00Z

Links: CVE-2008-2712 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Tracking

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object