PT-2009-1201 · Vim · Vim

Published

2009-02-21

Updated

2017-08-08

CVE-2008-3076

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Vim version 7.2a.10

Description The issue allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within certain commands. This is reportedly due to an incomplete fix for a previous issue.

Recommendations For Vim version 7.2a.10, consider avoiding the use of shell metacharacters in filenames when using the execute and system functions within the affected commands as a temporary workaround until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2008-3076

DSA-1733-1

Affected Products

Vim

PT-2009-1201 · Vim · Vim

CVE-2008-3076

Weakness Enumeration

Related Identifiers

Affected Products

References · 21