Unrated severityNVD Advisory· Published Jun 16, 2008· Updated Apr 23, 2026
CVE-2008-2712
CVE-2008-2712
Description
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Affected products
5cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
40- lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlnvdThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/30731nvdThird Party Advisory
- secunia.com/advisories/32222nvdThird Party Advisory
- secunia.com/advisories/32858nvdThird Party Advisory
- secunia.com/advisories/32864nvdThird Party Advisory
- secunia.com/advisories/33410nvdThird Party Advisory
- secunia.com/advisories/34418nvdThird Party Advisory
- securityreason.com/securityalert/3951nvdThird Party Advisory
- support.apple.com/kb/HT3216nvdThird Party Advisory
- support.apple.com/kb/HT4077nvdThird Party Advisory
- support.avaya.com/elmodocs2/security/ASA-2008-457.htmnvdThird Party Advisory
- support.avaya.com/elmodocs2/security/ASA-2009-001.htmnvdThird Party Advisory
- wiki.rpath.com/Advisories:rPSA-2008-0247nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2008/06/16/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2008/10/15/1nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0580.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0617.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0618.htmlnvdThird Party Advisory
- www.securityfocus.com/archive/1/493352/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/493353/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/495319/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/502322/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/29715nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/31681nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-712-1nvdThird Party Advisory
- www.vmware.com/security/advisories/VMSA-2009-0004.htmlnvdThird Party Advisory
- www.vupen.com/english/advisories/2008/1851/referencesnvdThird Party Advisory
- www.vupen.com/english/advisories/2008/2780nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0033nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0904nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/43083nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238nvdThird Party Advisory
- www.rdancer.org/vulnerablevim.htmlnvdBroken Link
- issues.rpath.com/browse/RPL-2622nvdBroken Link
News mentions
0No linked articles in our index yet.