CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

• CWE-20

• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlThird Party Advisory
• http://marc.info/?l=bugtraq&m=121494431426308&w=2Mailing List, Third Party Advisory
• http://secunia.com/advisories/30731Third Party Advisory
• http://secunia.com/advisories/32222Third Party Advisory
• http://secunia.com/advisories/32858Third Party Advisory
• http://secunia.com/advisories/32864Third Party Advisory
• http://secunia.com/advisories/33410Third Party Advisory
• http://secunia.com/advisories/34418Third Party Advisory
• http://securityreason.com/securityalert/3951Third Party Advisory
• http://support.apple.com/kb/HT3216Third Party Advisory
• http://support.apple.com/kb/HT4077Third Party Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmThird Party Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmThird Party Advisory
• http://wiki.rpath.com/Advisories:rPSA-2008-0247Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:236Third Party Advisory
• http://www.openwall.com/lists/oss-security/2008/06/16/2Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2008/10/15/1Mailing List, Third Party Advisory
• http://www.rdancer.org/vulnerablevim.htmlBroken Link
• http://www.redhat.com/support/errata/RHSA-2008-0580.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0617.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0618.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/493352/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/493353/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/495319/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/502322/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/29715Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/31681Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1020293Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-712-1Third Party Advisory
• http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlThird Party Advisory
• http://www.vupen.com/english/advisories/2008/1851/referencesThird Party Advisory
• http://www.vupen.com/english/advisories/2008/2780Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0033Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0904Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43083Third Party Advisory, VDB Entry
• https://issues.rpath.com/browse/RPL-2622Broken Link
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238Third Party Advisory
• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlMailing List, Third Party Advisory
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlMailing List, Third Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlThird Party Advisory
• http://marc.info/?l=bugtraq&m=121494431426308&w=2Mailing List, Third Party Advisory
• http://secunia.com/advisories/30731Third Party Advisory
• http://secunia.com/advisories/32222Third Party Advisory
• http://secunia.com/advisories/32858Third Party Advisory
• http://secunia.com/advisories/32864Third Party Advisory
• http://secunia.com/advisories/33410Third Party Advisory
• http://secunia.com/advisories/34418Third Party Advisory
• http://securityreason.com/securityalert/3951Third Party Advisory
• http://support.apple.com/kb/HT3216Third Party Advisory
• http://support.apple.com/kb/HT4077Third Party Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmThird Party Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmThird Party Advisory
• http://wiki.rpath.com/Advisories:rPSA-2008-0247Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:236Third Party Advisory
• http://www.openwall.com/lists/oss-security/2008/06/16/2Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2008/10/15/1Mailing List, Third Party Advisory
• http://www.rdancer.org/vulnerablevim.htmlBroken Link
• http://www.redhat.com/support/errata/RHSA-2008-0580.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0617.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0618.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/493352/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/493353/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/495319/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/archive/1/502322/100/0/threadedThird Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/29715Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/31681Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1020293Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-712-1Third Party Advisory
• http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlThird Party Advisory
• http://www.vupen.com/english/advisories/2008/1851/referencesThird Party Advisory
• http://www.vupen.com/english/advisories/2008/2780Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0033Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0904Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43083Third Party Advisory, VDB Entry
• https://issues.rpath.com/browse/RPL-2622Broken Link
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238Third Party Advisory

Published

Jun 16, 2008

Last Modified

Jun 16, 2026

Status

Modified