Published: 21/02/2009 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The shellescape function in Vim 7.0 up to and including 7.2, including 7.2a.10, allows user-assisted malicious users to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Affected Products

Vendor Product Versions
VimVim7.0, 7.1, 7.1.266, 7.1.314, 7.2, 7.2a.10
VimZipplugin.vimV.11, V.12, V.13, V.14, V.15, V.16, V.17, V.18, V.19, V.20, V.21

Vendor Advisories

Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Topic Updated vim packages that fix security issues are now available for Red HatEnterprise Linux 5This update has been rated as having moderate security impact by the Red HatSecurity Response Team Description ...
Debian Bug report logs - #506919 vim: multiple vulnerabilities (CVE-2008-3074, CVE-2008-3075, and CVE-2008-3076) Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Source for vim is src:vim (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Dat ...
Several vulnerabilities have been found in vim, an enhanced vi editor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts This could lead to the execution of a ...