PT-2008-5404 · Vim+1 · Vim+1

Ben Schmidt

Publicado

2008-09-18

Atualizado

2018-10-11

CVE-2008-4101

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vim versions 3.0 through 7.x before 7.2.010

Description The issue allows user-assisted attackers to execute arbitrary shell commands or Ex commands by exploiting improper character escaping. This can be achieved by entering specific keystrokes on a line containing certain characters, such as a semicolon followed by a command, or by using keystroke sequences like Ctrl-] or g] with an argument.

Recommendations For Vim versions 3.0 through 7.x before 7.2.010, update to version 7.2.010 or later to resolve the issue.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-4101

DSA-1733-1

RHSA-2008:0580

RHSA-2008:0617

RHSA-2008:0618

RHSA-2008_0580

RHSA-2008_0617

Produtos afetados

Red Hat

Vim

PT-2008-5404 · Vim+1 · Vim+1

CVE-2008-4101

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 59