NA

CVE-2008-2712

Published: 16/06/2008 Updated: 01/11/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Vim 7.1.314, 6.4, and other versions allows user-assisted remote malicious users to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Affected Products

Vendor Product Versions
VimVim6.4, 7.0, 7.0.001, 7.0.002, 7.0.003, 7.0.004, 7.0.005, 7.0.006, 7.0.007, 7.0.008, 7.0.009, 7.0.010, 7.0.011, 7.0.012, 7.0.013, 7.0.014, 7.0.015, 7.0.016, 7.0.017, 7.0.018, 7.0.019, 7.0.020, 7.0.021, 7.0.022, 7.0.023, 7.0.024, 7.0.025, 7.0.026, 7.0.027, 7.0.028, 7.0.029, 7.0.030, 7.0.031, 7.0.032, 7.0.033, 7.0.034, 7.0.035, 7.0.036, 7.0.037, 7.0.038, 7.0.039, 7.0.040, 7.0.041, 7.0.042, 7.0.043, 7.0.044, 7.0.045, 7.0.046, 7.0.047, 7.0.048, 7.0.049, 7.0.050, 7.0.051, 7.0.052, 7.0.053, 7.0.054, 7.0.055, 7.0.056, 7.0.057, 7.0.058, 7.0.059, 7.0.060, 7.0.061, 7.0.062, 7.0.063, 7.0.064, 7.0.065, 7.0.066, 7.0.067, 7.0.068, 7.0.069, 7.0.070, 7.0.071, 7.0.072, 7.0.073, 7.0.074, 7.0.075, 7.0.076, 7.0.077, 7.0.078, 7.0.079, 7.0.080, 7.0.081, 7.0.082, 7.0.083, 7.0.084, 7.0.085, 7.0.086, 7.0.087, 7.0.088, 7.0.089, 7.0.090, 7.0.091, 7.0.092, 7.0.093, 7.0.094, 7.0.095, 7.0.096, 7.0.097, 7.0.098, 7.0.099, 7.0.100, 7.0.101, 7.0.102, 7.0.103, 7.0.104, 7.0.105, 7.0.106, 7.0.107, 7.0.108, 7.0.109, 7.0.110, 7.0.111, 7.0.112, 7.0.113, 7.0.114, 7.0.115, 7.0.116, 7.0.117, 7.0.118, 7.0.119, 7.0.120, 7.0.121, 7.0.122, 7.0.123, 7.0.124, 7.0.125, 7.0.126, 7.0.127, 7.0.128, 7.0.129, 7.0.130, 7.0.131, 7.0.132, 7.0.133, 7.0.134, 7.0.135, 7.0.136, 7.0.137, 7.0.138, 7.0.139, 7.0.140, 7.0.141, 7.0.142, 7.0.143, 7.0.144, 7.0.145, 7.0.146, 7.0.147, 7.0.148, 7.0.149, 7.0.150, 7.0.151, 7.0.152, 7.0.153, 7.0.154, 7.0.155, 7.0.156, 7.0.157, 7.0.158, 7.0.159, 7.0.160, 7.0.161, 7.0.162, 7.0.163, 7.0.164, 7.0.165, 7.0.166, 7.0.167, 7.0.168, 7.0.169, 7.0.170, 7.0.171, 7.0.172, 7.0.173, 7.0.174, 7.0.175, 7.0.176, 7.0.177, 7.0.178, 7.0.179, 7.0.180, 7.0.181, 7.0.182, 7.0.183, 7.0.184, 7.0.185, 7.0.186, 7.0.187, 7.0.188, 7.0.189, 7.0.190, 7.0.191, 7.0.192, 7.0.193, 7.0.194, 7.0.195, 7.0.196, 7.0.197, 7.0.198, 7.0.199, 7.0.200, 7.0.201, 7.0.202, 7.0.203, 7.0.204, 7.0.205, 7.0.206, 7.0.207, 7.0.208, 7.0.209, 7.0.210, 7.0.211, 7.0.212, 7.0.213, 7.0.214, 7.0.215, 7.0.216, 7.0.217, 7.0.218, 7.0.219, 7.0.220, 7.0.221, 7.0.222, 7.0.223, 7.0.224, 7.0.225, 7.0.226, 7.0.227, 7.0.228, 7.0.229, 7.0.230, 7.0.231, 7.0.232, 7.0.233, 7.0.234, 7.0.235, 7.0.236, 7.0.237, 7.0.238, 7.0.239, 7.0.240, 7.0.241, 7.0.242, 7.0.243, 7.0b, 7.0b01, 7.0b02, 7.0c, 7.0c01, 7.0c02, 7.0c03, 7.0c10, 7.0c11, 7.0c12, 7.0c13, 7.0d, 7.0d01, 7.0d02, 7.0d03, 7.0d04, 7.0d05, 7.0e, 7.00e+01, 7.00e+02, 7.00e+03, 7.00e+04, 7.00e+05, 7.00e+06, 7.00e+07, 7.0f, 7.0f01, 7.0f02, 7.0f03, 7.0f04, 7.0f05, 7.0g, 7.0g01, 7.0g02, 7.0g03, 7.0g04, 7.0g05, 7.01, 7.1, 7.1.001, 7.1.002, 7.1.003, 7.1.004, 7.1.005, 7.1.006, 7.1.007, 7.1.008, 7.1.009, 7.1.010, 7.1.011, 7.1.012, 7.1.013, 7.1.014, 7.1.015, 7.1.016, 7.1.017, 7.1.018, 7.1.019, 7.1.020, 7.1.021, 7.1.022, 7.1.023, 7.1.024, 7.1.025, 7.1.026, 7.1.027, 7.1.028, 7.1.029, 7.1.030, 7.1.031, 7.1.032, 7.1.033, 7.1.034, 7.1.035, 7.1.036, 7.1.037, 7.1.038, 7.1.039, 7.1.040, 7.1.041, 7.1.042, 7.1.043, 7.1.044, 7.1.045, 7.1.046, 7.1.047, 7.1.048, 7.1.049, 7.1.050, 7.1.051, 7.1.052, 7.1.053, 7.1.054, 7.1.055, 7.1.056, 7.1.057, 7.1.058, 7.1.059, 7.1.060, 7.1.061, 7.1.062, 7.1.063, 7.1.064, 7.1.065, 7.1.066, 7.1.067, 7.1.068, 7.1.069, 7.1.070, 7.1.071, 7.1.072, 7.1.073, 7.1.074, 7.1.075, 7.1.076, 7.1.077, 7.1.078, 7.1.079, 7.1.080, 7.1.081, 7.1.082, 7.1.084, 7.1.085, 7.1.086, 7.1.087, 7.1.088, 7.1.089, 7.1.090, 7.1.091, 7.1.092, 7.1.093, 7.1.094, 7.1.095, 7.1.096, 7.1.097, 7.1.098, 7.1.099, 7.1.100, 7.1.101, 7.1.102, 7.1.103, 7.1.104, 7.1.105, 7.1.106, 7.1.107, 7.1.108, 7.1.109, 7.1.110, 7.1.111, 7.1.112, 7.1.113, 7.1.114, 7.1.115, 7.1.116, 7.1.117, 7.1.118, 7.1.119, 7.1.120, 7.1.121, 7.1.122, 7.1.123, 7.1.124, 7.1.125, 7.1.126, 7.1.127, 7.1.128, 7.1.129, 7.1.130, 7.1.131, 7.1.132, 7.1.133, 7.1.134, 7.1.135, 7.1.136, 7.1.137, 7.1.138, 7.1.139, 7.1.140, 7.1.141, 7.1.142, 7.1.143, 7.1.144, 7.1.145, 7.1.146, 7.1.147, 7.1.148, 7.1.149, 7.1.150, 7.1.151, 7.1.152, 7.1.153, 7.1.154, 7.1.155, 7.1.156, 7.1.157, 7.1.158, 7.1.159, 7.1.160, 7.1.161, 7.1.162, 7.1.163, 7.1.164, 7.1.165, 7.1.166, 7.1.167, 7.1.168, 7.1.169, 7.1.170, 7.1.171, 7.1.172, 7.1.173, 7.1.174, 7.1.175, 7.1.176, 7.1.177, 7.1.178, 7.1.179, 7.1.180, 7.1.181, 7.1.182, 7.1.183, 7.1.184, 7.1.185, 7.1.186, 7.1.187, 7.1.188, 7.1.189, 7.1.190, 7.1.191, 7.1.192, 7.1.193, 7.1.194, 7.1.195, 7.1.196, 7.1.197, 7.1.198, 7.1.199, 7.1.200, 7.1.201, 7.1.202, 7.1.203, 7.1.204, 7.1.205, 7.1.206, 7.1.207, 7.1.208, 7.1.209, 7.1.210, 7.1.211, 7.1.212, 7.1.213, 7.1.214, 7.1.215, 7.1.216, 7.1.217, 7.1.218, 7.1.219, 7.1.220, 7.1.221, 7.1.222, 7.1.223, 7.1.224, 7.1.225, 7.1.226, 7.1.227, 7.1.228, 7.1.229, 7.1.230, 7.1.231, 7.1.232, 7.1.233, 7.1.234, 7.1.235, 7.1.236, 7.1.237, 7.1.238, 7.1.239, 7.1.240, 7.1.241, 7.1.242, 7.1.243, 7.1.244, 7.1.245, 7.1.246, 7.1.247, 7.1.248, 7.1.249, 7.1.250, 7.1.251, 7.1.252, 7.1.253, 7.1.254, 7.1.255, 7.1.256, 7.1.257, 7.1.258, 7.1.259, 7.1.260, 7.1.261, 7.1.262, 7.1.263, 7.1.264, 7.1.265, 7.1.266, 7.1.267, 7.1.268, 7.1.269, 7.1.270, 7.1.271, 7.1.272, 7.1.273, 7.1.274, 7.1.275, 7.1.276, 7.1.277, 7.1.278, 7.1.279, 7.1.280, 7.1.281, 7.1.282, 7.1.283, 7.1.284, 7.1.285, 7.1.286, 7.1.287, 7.1.288, 7.1.289, 7.1.290, 7.1.291, 7.1.292, 7.1.293, 7.1.294, 7.1.295, 7.1.296, 7.1.297, 7.1.298, 7.1.299, 7.1.300, 7.1.301, 7.1.302, 7.1.303, 7.1.304, 7.1.305, 7.1.306, 7.1.307, 7.1.308, 7.1.309, 7.1.310, 7.1.311, 7.1.312, 7.1.313, 7.1.314
CanonicalUbuntu Linux6.06, 7.10, 8.04, 8.10

Vendor Advisories

Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix security issues are now available for Red HatEnterprise Linux 21This update has been rated as having moderate security impact by the Red HatSecurity Response Team Description ...
Debian Bug report logs - #486502 multiple vulnerabilities found in vim Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Source for vim is src:vim (PTS, buildd, popcon) Reported by: Jamie Strandboge <jamie@strandbogecom> Date: Mon, 16 Jun 2008 14:09:06 UTC Severity: grave Tag ...
Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix various security issues are now available forRed Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Team Desc ...
Debian Bug report logs - #500381 vim: CVE-2008-4101 Vim 30 through 7x before 72010 does not properly escape Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Source for vim is src:vim (PTS, buildd, popcon) Reported by: Thomas Bläsing <thomasbl@poolmathtu-berlinde> D ...
Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix security issues are now available for Red HatEnterprise Linux 5This update has been rated as having moderate security impact by the Red HatSecurity Response Team Description ...
Jan Minar discovered that Vim did not properly sanitize inputs before invoking the execute or system functions inside Vim scripts If a user were tricked into running Vim scripts with a specially crafted input, an attacker could execute arbitrary code with the privileges of the user invoking the program (CVE-2008-2712) ...
Several vulnerabilities have been found in vim, an enhanced vi editor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts This could lead to the execution of a ...

Exploits

source: wwwsecurityfocuscom/bid/29715/info Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application Vim 7 ...

References

CWE-20http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlhttp://marc.info/?l=bugtraq&m=121494431426308&w=2http://secunia.com/advisories/30731http://secunia.com/advisories/32222http://secunia.com/advisories/32858http://secunia.com/advisories/32864http://secunia.com/advisories/33410http://secunia.com/advisories/34418http://securityreason.com/securityalert/3951http://support.apple.com/kb/HT3216http://support.apple.com/kb/HT4077http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmhttp://support.avaya.com/elmodocs2/security/ASA-2009-001.htmhttp://wiki.rpath.com/Advisories:rPSA-2008-0247http://www.mandriva.com/security/advisories?name=MDVSA-2008:236http://www.openwall.com/lists/oss-security/2008/06/16/2http://www.openwall.com/lists/oss-security/2008/10/15/1http://www.rdancer.org/vulnerablevim.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0580.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0617.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0618.htmlhttp://www.securityfocus.com/archive/1/493352/100/0/threadedhttp://www.securityfocus.com/archive/1/493353/100/0/threadedhttp://www.securityfocus.com/archive/1/495319/100/0/threadedhttp://www.securityfocus.com/archive/1/502322/100/0/threadedhttp://www.securityfocus.com/bid/29715http://www.securityfocus.com/bid/31681http://www.securitytracker.com/id?1020293http://www.ubuntu.com/usn/USN-712-1http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlhttp://www.vupen.com/english/advisories/2008/1851/referenceshttp://www.vupen.com/english/advisories/2008/2780http://www.vupen.com/english/advisories/2009/0033http://www.vupen.com/english/advisories/2009/0904https://exchange.xforce.ibmcloud.com/vulnerabilities/43083https://issues.rpath.com/browse/RPL-2622https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238https://access.redhat.com/errata/RHSA-2008:0618http://tools.cisco.com/security/center/viewAlert.x?alertId=16103https://usn.ubuntu.com/712-1/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3076https://nvd.nist.govhttps://www.exploit-db.com/exploits/31911/