Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-09-18 17:59
Updated : 2024-02-04 17:33
NVD link : CVE-2008-4101
Mitre link : CVE-2008-4101
CVE.ORG link : CVE-2008-4101
JSON object : View
Products Affected
vim
- vim
CWE
CWE-20
Improper Input Validation