PT-2009-1201 · Vim · Vim

Publicado

2009-02-21

Atualizado

2017-08-08

CVE-2008-3076

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vim version 7.2a.10

Description The issue allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within certain commands. This is reportedly due to an incomplete fix for a previous issue.

Recommendations For Vim version 7.2a.10, consider avoiding the use of shell metacharacters in filenames when using the execute and system functions within the affected commands as a temporary workaround until a patch is available.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2008-3076

DSA-1733-1

Produtos afetados

Vim

PT-2009-1201 · Vim · Vim

CVE-2008-3076

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21