Candidate: CVE-2008-2712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
http://www.rdancer.org/vulnerablevim.html
https://usn.ubuntu.com/usn/usn-712-1
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers
to execute arbitrary commands via Vim scripts that do not properly sanitize
inputs before invoking the execute or system functions, as demonstrated
using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE:
the originally reported version was 7.1.314, but the researcher actually
found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally
vector 2 in this identifier) has been subsumed by CVE-2008-3075.
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216
patch: http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1012
patch: http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1013
patch: http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1021
upstream_vim: released (1:7.1.314-3)
dapper_vim: released (1:6.4-006+2ubuntu6.2)
feisty_vim: needed (reached end-of-life)
gutsy_vim: released (1:7.1-056+2ubuntu2.1)
hardy_vim: released (1:7.1-138+1ubuntu3.1)
intrepid_vim: released (1:7.1.314-3ubuntu1)
devel_vim: released (1:7.1.314-3ubuntu1)