NA

CVE-2007-2953

Published: 31/07/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and previous versions, and 7.x up to 7.1, allows user-assisted remote malicious users to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

Affected Products

Vendor Product Versions
Vim Development GroupVim6.4, 7.0, 7.1, 7.1.38

Vendor Advisories

Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix various security issues are now available forRed Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Team Desc ...
Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix security issues are now available for Red HatEnterprise Linux 5This update has been rated as having moderate security impact by the Red HatSecurity Response Team Description ...
Ulf Harnhammar discovered that vim does not properly sanitise the “helptags_one()” function when running the “helptags” command By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user’s privileges ...
Debian Bug report logs - #435401 sandbox for vim allows attackers to execute shell commands and write files via modelines Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Source for vim is src:vim (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> ...
Several vulnerabilities have been discovered in the vim editor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2953 Ulf Härnhammar discovered that a format string flaw in helptags_one() from src/ex_cmdsc (triggered through the helptags command) can lead to the execution of arbitrary code ...

References

NVD-CWE-Otherftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039http://secunia.com/advisories/25941http://secunia.com/advisories/26285http://secunia.com/advisories/26522http://secunia.com/advisories/26594http://secunia.com/advisories/26653http://secunia.com/advisories/26674http://secunia.com/advisories/26822http://secunia.com/advisories/32858http://secunia.com/advisories/33410http://secunia.com/secunia_research/2007-66/advisory/http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmhttp://www.attrition.org/pipermail/vim/2007-August/001770.htmlhttp://www.debian.org/security/2007/dsa-1364http://www.mandriva.com/security/advisories?name=MDKSA-2007:168http://www.mandriva.com/security/advisories?name=MDVSA-2008:236http://www.novell.com/linux/security/advisories/2007_18_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0580.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0617.htmlhttp://www.securityfocus.com/archive/1/475076/100/100/threadedhttp://www.securityfocus.com/archive/1/502322/100/0/threadedhttp://www.securityfocus.com/bid/25095http://www.trustix.org/errata/2007/0026/http://www.ubuntu.com/usn/usn-505-1http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlhttp://www.vupen.com/english/advisories/2007/2687http://www.vupen.com/english/advisories/2009/0033http://www.vupen.com/english/advisories/2009/0904https://exchange.xforce.ibmcloud.com/vulnerabilities/35655https://issues.rpath.com/browse/RPL-1595https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11549https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6463https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-2953https://access.redhat.com/errata/RHSA-2008:0617https://usn.ubuntu.com/505-1/https://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=14006