FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vim -- Vim Shell Command Injection Vulnerabilities

Affected packages
6	<	vim	<=	6.4.10
7	<	vim	<	7.1.315
6	<	vim-console	<=	6.4.10
7	<	vim-console	<	7.1.315
6	<	vim-lite	<=	6.4.10
7	<	vim-lite	<	7.1.315
6	<	vim-ruby	<=	6.4.10
7	<	vim-ruby	<	7.1.315
6	<	vim6	<=	6.4.10
7	<	vim6	<	7.1.315
6	<	vim6-ruby	<=	6.4.10
7	<	vim6-ruby	<	7.1.315

Details

VuXML ID	30866e6c-3c6d-11dd-98c9-00163e000016
Discovery	2008-06-16
Entry	2008-06-21

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.

[source]

References

CVE Name	CVE-2008-2712
URL	http://www.rdancer.org/vulnerablevim.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.