Oval Definition: oval:org.mitre.oval:def:6238
Revision Date: 2009-11-30
Version: 1
Title: Vim Flaw in Quoting Vim Script Lets Remote Users Cause Arbitrary Commands to Be Executed in Certain Cases
Description: Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2008-2712
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis
  • AND
    • VMWare ESX Server 3.0.3 is installed
    • AND All patches must be installed to not be vulnerable
      • Patch ESX303-200903406-SG is not installed
      • OR Patch ESX303-200903405-SG is not installed
      • OR Patch ESX303-200903403-SG is not installed
  • OR
    • VMWare ESX Server 3.0.2 is installed
    • AND All patches must be installed to not be vulnerable
      • Patch ESX-1008409 is not installed
      • OR Patch ESX-1008408 is not installed
      • OR Patch ESX-1008406 is not installed
  • OR
    • VMware ESX Server 3.5.0 is installed
    • AND All patches must be installed to not be vulnerable
      • Patch ESX350-200904408-SG is not installed
      • OR Patch ESX350-200904407-SG is not installed
      • OR Patch ESX350-200904406-SG is not installed