VDB
DEBIAN-CVE-2008-2712
DEBIAN-CVE-2008-2712
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | vim | 0, 0, 0 |
| Debian:12 | vim | 0, 0, 0 |
| Debian:11 | vim | 0, 0, 0 |
| Debian:14 | vim | 0, 0, 0 |
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Jun 16, 2008 CVE Published
- Apr 28, 2026 CVE Updated