FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2953

This CVE name corresponds to:

Entered: 2007-07-27
Topic: vim -- Command Format String Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-2953
Phase: Assigned (20070531)

Description

Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

References

Source Reference
BUGTRAQ 20070730 FLEA-2007-0036-1 vim vim-minimal gvim
BUGTRAQ 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
MISC http://secunia.com/secunia_research/2007-66/advisory/
CONFIRM ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039
CONFIRM https://issues.rpath.com/browse/RPL-1595
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0004.html
DEBIAN DSA-1364
MANDRIVA MDKSA-2007:168
MANDRIVA MDVSA-2008:236
REDHAT RHSA-2008:0617
REDHAT RHSA-2008:0580
SUSE SUSE-SR:2007:018
TRUSTIX 2007-0026
UBUNTU USN-505-1
VIM 20070823 vim editor duplicates / clarifications
BID 25095
OVAL oval:org.mitre.oval:def:11549
OVAL oval:org.mitre.oval:def:6463
SECUNIA 32858
VUPEN ADV-2007-2687
VUPEN ADV-2009-0033
SECUNIA 25941
SECUNIA 26285
SECUNIA 26594
SECUNIA 26653
SECUNIA 26674
SECUNIA 26822
SECUNIA 26522
SECUNIA 33410
VUPEN ADV-2009-0904
XF vim-helptagsone-code-execution(35655)