CVE-2008-3075 — OS Command Injection in Zipplugin.vim

CWE-78 — OS Command Injection CWE-20 — Improper Input Validation CWE-94 — Code Injection17 documents6 sources

Severity

9.3CRITICALNVD

EPSS

5.1%

top 10.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM Canonical Ubuntu Linux +2 more

Timeline

PublishedFeb 21

Latest updateMay 1

Description

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete …

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDvim/zipplugin.vim11 versions+10

▶debiandebian/vim< vim 1:7.1.314-3 (bookworm)+1

▶Debianvim/vim< 2:7.2.010-1+7

▶NVDvim/vim7.0 — 7.1.314+7

▶NVDvim/tar.vim13 versions+12

Also affects: Ubuntu Linux 6.06, 7.10, 8.04, 8.10

Patches

Patch: www.openwall.com ↗Patch: www.rdancer.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-rj5h-39v8-hch3: The shellescape function in Vim 7↗2022-05-01

▶

GHSA

GHSA-wqmg-q854-x6x6: The shellescape function in Vim 7↗2022-05-01

▶

GHSA

GHSA-j8hm-6qv5-gj2w: Vim 7↗2022-05-01

▶

OSV

CVE-2008-3074: The shellescape function in Vim 7↗2009-02-21

▶

OSV

CVE-2008-3075: The shellescape function in Vim 7↗2009-02-21

▶

📋Vendor Advisories

Red Hat

plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-07-15

▶

Red Hat

plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-07-15

▶

Red Hat

vim: command execution via scripts not sanitizing inputs to execute and system↗2008-06-15

▶

Debian

CVE-2008-2712: vim - Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to ex...↗2008

▶

Debian

CVE-2008-3074: vim - The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-...↗2008

▶

💬Community

Bugzilla

CVE-2008-3075 Vim zip.vim plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-10-17

▶

Bugzilla

CVE-2008-3074 Vim tar.vim plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-10-17

▶