CVE-2008-2712

Publication date 16 June 2008

Last updated 24 July 2024


Ubuntu priority

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Status

Package Ubuntu Release Status
vim 8.10 intrepid
Fixed 1:7.1.314-3ubuntu1
8.04 LTS hardy
Fixed 1:7.1-138+1ubuntu3.1
7.10 gutsy
Fixed 1:7.1-056+2ubuntu2.1
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper
Fixed 1:6.4-006+2ubuntu6.2

References

Related Ubuntu Security Notices (USN)

    • USN-712-1
    • Vim vulnerabilities
    • 27 January 2009

Other references