{"id":"CVE-2008-2712","details":"Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw.  NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298.  NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.","modified":"2026-04-10T03:39:54.459095Z","published":"2008-06-16T21:41:00Z","references":[{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=121494431426308&w=2"},{"type":"ADVISORY","url":"http://secunia.com/advisories/30731"},{"type":"ADVISORY","url":"http://secunia.com/advisories/32222"},{"type":"ADVISORY","url":"http://secunia.com/advisories/32858"},{"type":"ADVISORY","url":"http://secunia.com/advisories/32864"},{"type":"ADVISORY","url":"http://secunia.com/advisories/33410"},{"type":"ADVISORY","url":"http://secunia.com/advisories/34418"},{"type":"ADVISORY","url":"http://securityreason.com/securityalert/3951"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT3216"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT4077"},{"type":"ADVISORY","url":"http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"},{"type":"ADVISORY","url":"http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"},{"type":"ADVISORY","url":"http://wiki.rpath.com/Advisories:rPSA-2008-0247"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2008/06/16/2"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2008/10/15/1"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2008-0580.html"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2008-0617.html"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2008-0618.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/493352/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/493353/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/495319/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/502322/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/29715"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/31681"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id?1020293"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-712-1"},{"type":"ADVISORY","url":"http://www.vmware.com/security/advisories/VMSA-2009-0004.html"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/1851/references"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/2780"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/0033"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/0904"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43083"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"},{"type":"ARTICLE","url":"http://marc.info/?l=bugtraq&m=121494431426308&w=2"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2008/06/16/2"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2008/10/15/1"},{"type":"WEB","url":"http://www.rdancer.org/vulnerablevim.html"},{"type":"WEB","url":"https://issues.rpath.com/browse/RPL-2622"}],"schema_version":"1.7.5"}