Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2712Improper Input Validation in Zipplugin.vim

CWE-20Improper Input ValidationCWE-78OS Command InjectionCWE-94Code Injection31 documents8 sources
Severity
9.3CRITICALNVD
EPSS
17.0%
top 5.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
VIMDebian VIMCanonical Ubuntu Linux+2 more
Timeline
PublishedJun 16
Latest updateMay 2

Description

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-200

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDvim/zipplugin.vim11 versions+10
debiandebian/vim< vim 1:7.1.314-3 (bookworm)+1
Debianvim/vim< 2:7.2.010-1+7
NVDvim/vim7.07.1.314+24
NVDvim/tar.vim13 versions+12

Also affects: Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

10
GHSA
GHSA-2gqj-jjm7-f6m7: Vim 32022-05-02
GHSA
GHSA-rj5h-39v8-hch3: The shellescape function in Vim 72022-05-01
GHSA
GHSA-wqmg-q854-x6x6: The shellescape function in Vim 72022-05-01
GHSA
GHSA-j8hm-6qv5-gj2w: Vim 72022-05-01
GHSA
GHSA-f5qf-9pc8-pr89: The Netrw plugin 125 in netrw2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities2008-06-14

📋Vendor Advisories

11
Ubuntu
Vim vulnerabilities2009-01-27
Red Hat
vim: arbitrary code execution in commands: K, Control-], g]2008-08-22
Red Hat
plugin: improper Implementation of shellescape() (arbitrary code execution)2008-07-15
Red Hat
plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution2008-07-15
Red Hat
plugin: improper Implementation of shellescape() (arbitrary code execution)2008-07-15

💬Community

4
Bugzilla
CVE-2008-3075 Vim zip.vim plugin: improper Implementation of shellescape() (arbitrary code execution)2008-10-17
Bugzilla
CVE-2008-3074 Vim tar.vim plugin: improper Implementation of shellescape() (arbitrary code execution)2008-10-17
Bugzilla
CVE-2008-6235 Vim netrw.vim plugin: lack of sanitization throughout netrw.vim can lead to arbitrary code execution2008-10-17
Bugzilla
CVE-2008-2712 vim: command execution via scripts not sanitizing inputs to execute and system2008-06-17