Vim Shell Command Injection Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Vim and is prone to Command Injection Vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary shell commands to compromise the system. Impact Level: Application

Solution

Upgrade to version 7.2 http://www.vim.org/download.php

Insight

This error is due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim', 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts which are insufficiently filtering escape characters.

Affected

Vim version prior to 7.2 on Windows.

References

http://secunia.com/advisories/30731/
http://www.rdancer.org/vulnerablevim-shellescape.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Mac OS X
Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)

Take action and discover your vulnerabilities