CVE-2008-4101
published 2008-09-18

Priority: P351 critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 9.21% (94.7th percentile)

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Affected

24 ranges
Vendor  Product  Version range                 Fixed in
debian  vim      < vim 2:7.2.010-1 (bookworm)  vim 2:7.2.010-1 (bookworm)
vim     vim      <= 7.2
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim
vim     vim      >= 0 < 2:7.2.010-1            2:7.2.010-1
vim     vim      >= 0 < 2:7.2.010-1            2:7.2.010-1
vim     vim      >= 0 < 2:7.2.010-1            2:7.2.010-1
vim     vim      >= 0 < 2:7.2.010-1            2:7.2.010-1

CVSS provenance

nvd            v2.0  9.3  CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
osv                  9.3  CRITICAL
vendor_debian        9.3  LOW
vendor_redhat        9.3  CRITICAL
vendor_ubuntu        9.3  CRITICAL