CVE-2008-2712 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-2712 Interim 1 5 2023-12-09T02:09:26Z current 2021-05-30T12:42:55Z 2023-12-09T02:09:26Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-2712 Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5/#NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5 E-Mail link for SUSE-SR:2009:007 https://www.suse.com/support/security/rating/ SUSE Security Ratings Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075. CVE-2008-2712 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C