CVE-2008-2712
published 2008-06-16

Priority: P353
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.04% (96.3th percentile)
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Affected

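63 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | vim | < vim 1:7.1.314-3 (bookworm) | vim 1:7.1.314-3 (bookworm) |
| debian | vim | < vim 2:7.2.010-1 (bookworm) | vim 2:7.2.010-1 (bookworm) |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | tar.vim | | |
| vim | vim | <= 6.4 | |
| vim | vim | <= 7.2 | |
| vim | vim | | |
| vim | vim | | |
| vim | vim | | |
| vim | vim | | |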

CVSS provenance

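| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 9.3 | CRITICAL | |
| vendor_debian | | 9.3 | CRITICAL | |
| vendor_redhat | | 9.3 | CRITICAL | |
| vendor_ubuntu | | 9.3 | CRITICAL | |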