Home > Vulnerability Database > CVE-2008-2712

Mend.io Vulnerability Database

CVE-2008-2712

Date: June 16, 2008

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Severity Score

8.1

Related Resources (44)

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-2712

Url: http://www.openwall.com/lists/oss-security/2008/10/15/1

Url: http://www.rdancer.org/vulnerablevim.html

Url: http://secunia.com/advisories/34418

Url: http://marc.info/?l=bugtraq&m=121494431426308&w=2

Url: http://www.securityfocus.com/archive/1/493352/100/0/threaded

Url: http://wiki.rpath.com/Advisories:rPSA-2008-0247

Url: http://secunia.com/advisories/30731

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236

Url: http://www.redhat.com/support/errata/RHSA-2008-0617.html

Url: https://access.redhat.com/security/cve/CVE-2008-2712

Url: http://www.vupen.com/english/advisories/2008/1851/references

Url: http://support.apple.com/kb/HT3216

Url: http://www.securityfocus.com/archive/1/493353/100/0/threaded

Url: http://secunia.com/advisories/32858

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm

Url: http://www.vmware.com/security/advisories/VMSA-2009-0004.html

Url: http://www.openwall.com/lists/oss-security/2008/06/16/2

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109

Url: http://www.securityfocus.com/archive/1/502322/100/0/threaded

Url: http://www.vupen.com/english/advisories/2008/2780

Url: http://secunia.com/advisories/32222

Url: http://www.vupen.com/english/advisories/2009/0033

Url: http://www.redhat.com/support/errata/RHSA-2008-0618.html

Url: http://www.securitytracker.com/id?1020293

Url: http://support.apple.com/kb/HT4077

Url: https://issues.rpath.com/browse/RPL-2622

Url: http://secunia.com/advisories/32864

Url: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm

Url: http://www.securityfocus.com/bid/29715

Url: http://www.ubuntu.com/usn/USN-712-1

Url: http://secunia.com/advisories/33410

Url: http://www.securityfocus.com/bid/31681

Url: http://securityreason.com/securityalert/3951

Url: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2712

Url: http://www.redhat.com/support/errata/RHSA-2008-0580.html

Url: http://www.securityfocus.com/archive/1/495319/100/0/threaded

Url: http://www.vupen.com/english/advisories/2009/0904

Url: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/43083

Url: https://www.mend.io/vulnerability-database/CVE-2008-2712

Severity Score

8.1

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-2712

Date: June 16, 2008

Severity Score

Related Resources (44)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?