CVE-2008-2712

Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Vim 7.1.314, 6.4 y otras versiones, permiten a atacantes remotos asistidos por el usuario ejecutar comandos de su elección a través de secuencias de comandos Vim que cuyos inputs no son limpiados correctamente previa a la ejecución o las funciones del sistema como se ha demostrado con (1) filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim y (5) netrw.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-06-14 First Exploit
2008-06-16 CVE Reserved
2008-06-16 CVE Published
2024-01-31 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (43)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=121494431426308&w=2	Mailing List
http://secunia.com/advisories/30731	Third Party Advisory
http://secunia.com/advisories/32222	Third Party Advisory
http://secunia.com/advisories/32858	Third Party Advisory
http://secunia.com/advisories/32864	Third Party Advisory
http://secunia.com/advisories/33410	Third Party Advisory
http://secunia.com/advisories/34418	Third Party Advisory
http://securityreason.com/securityalert/3951	Third Party Advisory
http://support.apple.com/kb/HT3216	Third Party Advisory
http://support.apple.com/kb/HT4077	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247	Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/06/16/2	Mailing List
http://www.openwall.com/lists/oss-security/2008/10/15/1	Mailing List
http://www.rdancer.org/vulnerablevim.html	Broken Link
http://www.securityfocus.com/archive/1/493352/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/493353/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/495319/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/502322/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/29715	Third Party Advisory
http://www.securityfocus.com/bid/31681	Third Party Advisory
http://www.securitytracker.com/id?1020293	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1851/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0033	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0904	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083	Third Party Advisory
https://issues.rpath.com/browse/RPL-2622	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/31911	2008-06-14

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html	2018-11-01
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	2018-11-01
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html	2018-11-01
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236	2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0580.html	2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0617.html	2018-11-01
http://www.redhat.com/support/errata/RHSA-2008-0618.html	2018-11-01
http://www.ubuntu.com/usn/USN-712-1	2018-11-01
https://access.redhat.com/security/cve/CVE-2008-2712	2008-11-25
https://bugzilla.redhat.com/show_bug.cgi?id=451759	2008-11-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vim Search vendor "Vim"		Vim Search vendor "Vim" for product "Vim"				<= 6.4 Search vendor "Vim" for product "Vim" and version " <= 6.4"		-		Affected
Vim Search vendor "Vim"		Vim Search vendor "Vim" for product "Vim"				>= 7.0 <= 7.1.314 Search vendor "Vim" for product "Vim" and version " >= 7.0 <= 7.1.314"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected