CVE-2008-3074 – plugin: improper Implementation of shellescape() (arbitrary code execution)

https://notcve.org/view.php?id=CVE-2008-3074

21 Feb 2009 — The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incompl... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •