Definition


New Search

Vim Insufficient Shell Escaping Multiple Command Execution Vulnerability

oval:org.mitre.oval:def:5812

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence a different issue than CVE-2008-2712.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
  • VMWare ESX Server 3
Class:
vulnerability
Reference(s):
  • CVE-2008-4101
Product(s):