FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vim -- Vim Shell Command Injection Vulnerabilities

Affected packages
6 < vim <= 6.4.10
7 < vim < 7.1.315
6 < vim-lite <= 6.4.10
7 < vim-lite < 7.1.315
6 < vim-ruby <= 6.4.10
7 < vim-ruby < 7.1.315
6 < vim6 <= 6.4.10
7 < vim6 < 7.1.315
6 < vim6-ruby <= 6.4.10
7 < vim6-ruby < 7.1.315

Details

VuXML ID 30866e6c-3c6d-11dd-98c9-00163e000016
Discovery 2008-06-16
Entry 2008-06-21

Rdancer.org reports:

Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file.

References

CVE Name CVE-2008-2712
URL http://www.rdancer.org/vulnerablevim.html