Oval Definition:oval:org.mitre.oval:def:5812
Revision Date:2009-11-30Version:1
Title:Vim Insufficient Shell Escaping Multiple Command Execution Vulnerability
Description:Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4101
Platform(s):VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis
  • AND
  • VMWare ESX Server 3.0.3 is installed
  • AND All patches must be installed to not be vulnerable
  • Patch ESX303-200903406-SG is not installed
  • OR Patch ESX303-200903405-SG is not installed
  • OR Patch ESX303-200903403-SG is not installed
  • OR
  • VMWare ESX Server 3.0.2 is installed
  • AND All patches must be installed to not be vulnerable
  • Patch ESX-1008409 is not installed
  • OR Patch ESX-1008408 is not installed
  • OR Patch ESX-1008406 is not installed
  • OR
  • VMware ESX Server 3.5.0 is installed
  • AND All patches must be installed to not be vulnerable
  • Patch ESX350-200904408-SG is not installed
  • OR Patch ESX350-200904407-SG is not installed
  • OR Patch ESX350-200904406-SG is not installed
    • BACK