Summary
This host is installed with Vim and is prone to Command Injection Vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary shell commands to compromise the system.
Impact Level: Application
Solution
Upgrade to version 7.2
http://www.vim.org/download.php
Insight
This error is due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim', 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts which are insufficiently filtering escape characters.
Affected
Vim version prior to 7.2 on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)