CVE-2008-4101

Vulnerability Description

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://ftp.vim.org/pub/vim/patches/7.2/7.2.010Exploit
• http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-comma
• http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-commaPatch
• http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6adExploit
• http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33Patch
• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://secunia.com/advisories/31592
• http://secunia.com/advisories/32222
• http://secunia.com/advisories/32858
• http://secunia.com/advisories/32864
• http://secunia.com/advisories/33410
• http://support.apple.com/kb/HT3216
• http://support.apple.com/kb/HT4077
• http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm