Description
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
References (16)
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
Exploit mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=122416184431388&w=2
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.rdancer.org/vulnerablevim-netrw.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0580.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/10/20/2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34418
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/07/1
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30115
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.rdancer.org/vulnerablevim-netrw.v2.html
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0324
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=121494431426308&w=2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/08/12
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506919
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43624
Exploit, Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/07/4
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Scores
EPSS
0.1158
EPSS Percentile
93.7%
Details
CWE
CWE-78
Status
published
Products (1)
vim/vim
7.2a.10
Published
Feb 21, 2009
Tracked Since
Feb 18, 2026