CVE-2008-3075
Published Feb 21, 2009
Last updated 7 years ago
Overview
- Description
- The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-94
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CCAA40-55CE-4AB9-9268-AADA06E29B9C" }, { "criteria": "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C5B265-A7DD-4D24-864C-BF1FEEF8F138" }, { "criteria": "cpe:2.3:a:vim:vim:7.1.266:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99E9ABC5-442C-4693-8F86-A969AD89A0C1" }, { "criteria": "cpe:2.3:a:vim:vim:7.1.314:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12BE4D12-2B98-4617-ADE2-6E71552306A0" }, { "criteria": "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3613F5F4-9B8C-4020-8550-23310A41C85C" }, { "criteria": "cpe:2.3:a:vim:vim:7.2a.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82E3ADB1-C84F-49D9-81B5-7BCA9B96A3F0" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A65BA734-30C8-400C-AF02-EED915462E19" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E163F7-65E4-4FA1-A8FF-8B78FB50C502" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BE5C486-1D0D-4B43-8999-B08C817CC269" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C077F94-D041-4871-A0C9-44E33BA01CC4" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC62FFD-E770-45A5-9CED-EC97B4C2C897" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F20FFF3-B384-4B94-BDEF-938796D326F9" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAFE185D-B714-4A46-A93F-D1E3AC28645E" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"D747F46B-8F8D-465A-984C-AD4FCBEA5354" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B87583-F00F-489D-9BBD-1D64A0595C92" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A7C5390-527E-470B-9F64-7BF16F1C09F3" }, { "criteria": "cpe:2.3:a:vim:zipplugin.vim:v.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "287EF92F-5067-41BA-88BE-20A57E9A1AE5" } ], "operator": "OR" } ] } ]