Vulnerability Details : CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2008-4101
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 %
CVSS scores for CVE-2008-4101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2008-4101
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4101
- http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 (Exploit)
- http://www.vupen.com/english/advisories/2009/0033
- http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
- http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 (Patch)
- http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 (Patch)
- http://www.securityfocus.com/bid/30795
- http://www.vupen.com/english/advisories/2009/0904
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
- http://www.securityfocus.com/archive/1/502322/100/0/threaded
- http://www.openwall.com/lists/oss-security/2008/09/16/6
- http://www.redhat.com/support/errata/RHSA-2008-0618.html
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://www.rdancer.org/vulnerablevim-K.html
- http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
- http://www.openwall.com/lists/oss-security/2008/09/16/5
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
- http://www.redhat.com/support/errata/RHSA-2008-0580.html
- https://bugzilla.redhat.com/show_bug.cgi?id=461927
- http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
- http://support.apple.com/kb/HT4077 (About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support)
- http://www.ubuntu.com/usn/USN-712-1
- http://www.redhat.com/support/errata/RHSA-2008-0617.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
- http://www.securityfocus.com/archive/1/495662
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
- http://www.vupen.com/english/advisories/2008/2780
- http://www.openwall.com/lists/oss-security/2008/09/11/4
- http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e (Exploit)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://support.apple.com/kb/HT3216 (About Security Update 2008-007 - Apple Support)
- http://www.openwall.com/lists/oss-security/2008/09/11/3
- http://www.securityfocus.com/bid/31681
- http://www.securityfocus.com/archive/1/495703
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Products affected by CVE-2008-4101
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*