CVE-2008-4101

EUVD-2008-4085
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
≤ 7.2
vimvim
3.0
vimvim
4.0
vimvim
5.0
vimvim
5.1
vimvim
5.2
vimvim
5.3
vimvim
5.4
vimvim
5.5
vimvim
5.6
vimvim
5.7
vimvim
5.8
vimvim
6.0
vimvim
6.1
vimvim
6.2
vimvim
6.3
vimvim
6.4
vimvim
7.0
vimvim
7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
2:9.0.1378-2
fixed
bullseye
2:8.2.2434-3+deb11u1
fixed
sid
2:9.1.0777-1
fixed
trixie
2:9.1.0777-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
dapper
Fixed 1:6.4-006+2ubuntu6.2
released
feisty
ignored
gutsy
Fixed 1:7.1-056+2ubuntu2.1
released
hardy
Fixed 1:7.1-138+1ubuntu3.1
released
intrepid
Fixed 1:7.1.314-3ubuntu3.1
released
Common Weakness Enumeration
References
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/31592
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT4077
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://www.rdancer.org/vulnerablevim-K.html
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securityfocus.com/archive/1/495662
http://www.securityfocus.com/archive/1/495703
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/30795
http://www.securityfocus.com/bid/31681
http://www.ubuntu.com/usn/USN-712-1
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://bugzilla.redhat.com/show_bug.cgi?id=461927
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://secunia.com/advisories/31592
http://secunia.com/advisories/32222
http://secunia.com/advisories/32858
http://secunia.com/advisories/32864
http://secunia.com/advisories/33410
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT4077
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
http://www.openwall.com/lists/oss-security/2008/09/11/3
http://www.openwall.com/lists/oss-security/2008/09/11/4
http://www.openwall.com/lists/oss-security/2008/09/16/5
http://www.openwall.com/lists/oss-security/2008/09/16/6
http://www.rdancer.org/vulnerablevim-K.html
http://www.redhat.com/support/errata/RHSA-2008-0580.html
http://www.redhat.com/support/errata/RHSA-2008-0617.html
http://www.redhat.com/support/errata/RHSA-2008-0618.html
http://www.securityfocus.com/archive/1/495662
http://www.securityfocus.com/archive/1/495703
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.securityfocus.com/bid/30795
http://www.securityfocus.com/bid/31681
http://www.ubuntu.com/usn/USN-712-1
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0033
http://www.vupen.com/english/advisories/2009/0904
https://bugzilla.redhat.com/show_bug.cgi?id=461927
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812