CVE-2008-2712

N/A Unknown
Published: June 16, 2008 Modified: April 23, 2026

Description

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

References to Advisories, Solutions, and Tools

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Source: cve@mitre.org
Mailing List Third Party Advisory
http://secunia.com/advisories/30731
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32222
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32858
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/32864
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/33410
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/34418
Source: cve@mitre.org
Third Party Advisory
http://securityreason.com/securityalert/3951
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT3216
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT4077
Source: cve@mitre.org
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Source: cve@mitre.org
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Source: cve@mitre.org
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247
Source: cve@mitre.org
Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/06/16/2
Source: cve@mitre.org
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/10/15/1
Source: cve@mitre.org
Mailing List Third Party Advisory
http://www.rdancer.org/vulnerablevim.html
Source: cve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0580.html
Source: cve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0617.html
Source: cve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0618.html
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493353/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/495319/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/502322/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/29715
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31681
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020293
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-712-1
Source: cve@mitre.org
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1851/references
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0033
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0904
Source: cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2622
Source: cve@mitre.org
Broken Link
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://secunia.com/advisories/30731
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32222
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32858
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/32864
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/33410
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/34418
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securityreason.com/securityalert/3951
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT3216
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4077
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0247
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/06/16/2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/10/15/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.rdancer.org/vulnerablevim.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0580.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0617.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0618.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/493352/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/493353/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/495319/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/502322/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/29715
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31681
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020293
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-712-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1851/references
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2780
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0033
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0904
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43083
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-2622
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11109
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6238
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

80 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
17.0%
95th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

vim canonical