Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-4101

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Sep, 2008 | 17:47
Updated At-07 Aug, 2024 | 10:00
Rejected At-
Credits

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Sep, 2008 | 17:47
Updated At:07 Aug, 2024 | 10:00
Rejected At:
â–¼CVE Numbering Authority (CNA)

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
x_refsource_CONFIRM
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2008-0618.html
vendor-advisory
x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2008/09/16/5
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/31592
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/495703
mailing-list
x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/USN-712-1
vendor-advisory
x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2008/09/11/4
mailing-list
x_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/bid/31681
vdb-entry
x_refsource_BID
http://www.openwall.com/lists/oss-security/2008/09/16/6
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/32858
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/33410
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
http://www.redhat.com/support/errata/RHSA-2008-0580.html
vendor-advisory
x_refsource_REDHAT
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2009/0904
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/0033
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/502322/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=461927
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
x_refsource_CONFIRM
http://secunia.com/advisories/32222
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
http://www.securityfocus.com/bid/30795
vdb-entry
x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
vdb-entry
signature
x_refsource_OVAL
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2008/09/11/3
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/archive/1/495662
mailing-list
x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2008/2780
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/32864
third-party-advisory
x_refsource_SECUNIA
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
mailing-list
x_refsource_MLIST
http://www.rdancer.org/vulnerablevim-K.html
x_refsource_MISC
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT3216
x_refsource_CONFIRM
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2008-0617.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0618.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/5
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/31592
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/495703
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.ubuntu.com/usn/USN-712-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/bid/31681
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/6
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/32858
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/33410
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0580.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2009/0904
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2009/0033
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/502322/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461927
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32222
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/30795
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
Resource:
x_refsource_MISC
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/archive/1/495662
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/32864
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.rdancer.org/vulnerablevim-K.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT3216
Resource:
x_refsource_CONFIRM
Hyperlink: http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
Resource:
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0617.html
Resource:
vendor-advisory
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
x_refsource_CONFIRM
x_transferred
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0618.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.openwall.com/lists/oss-security/2008/09/16/5
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/31592
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/495703
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.ubuntu.com/usn/USN-712-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.openwall.com/lists/oss-security/2008/09/11/4
mailing-list
x_refsource_MLIST
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/bid/31681
vdb-entry
x_refsource_BID
x_transferred
http://www.openwall.com/lists/oss-security/2008/09/16/6
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/32858
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/33410
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0580.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2009/0904
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2009/0033
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/502322/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=461927
x_refsource_CONFIRM
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32222
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/30795
vdb-entry
x_refsource_BID
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2008/09/11/3
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/archive/1/495662
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2008/2780
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/32864
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
mailing-list
x_refsource_MLIST
x_transferred
http://www.rdancer.org/vulnerablevim-K.html
x_refsource_MISC
x_transferred
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://support.apple.com/kb/HT3216
x_refsource_CONFIRM
x_transferred
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
x_refsource_MISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0617.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0618.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/5
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/31592
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/495703
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-712-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31681
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/32858
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/33410
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0580.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0904
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0033
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502322/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461927
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32222
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30795
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/495662
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/32864
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.rdancer.org/vulnerablevim-K.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT3216
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0617.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Sep, 2008 | 17:59
Updated At:23 Apr, 2026 | 00:35

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Vim
vim
>>vim>>Versions up to 7.2(inclusive)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Vim
vim
>>vim>>3.0
cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*
Vim
vim
>>vim>>4.0
cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.0
cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.1
cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.2
cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.3
cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.4
cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.5
cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.6
cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.7
cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*
Vim
vim
>>vim>>5.8
cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*
Vim
vim
>>vim>>6.0
cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*
Vim
vim
>>vim>>6.1
cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*
Vim
vim
>>vim>>6.2
cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*
Vim
vim
>>vim>>6.3
cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*
Vim
vim
>>vim>>6.4
cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*
Vim
vim
>>vim>>7.0
cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*
Vim
vim
>>vim>>7.1
cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Must have a valid e-mail address to access the patch on the "google groups" link.

Vendor Statements
References
HyperlinkSourceResource
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010cve@mitre.org
Exploit
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2cve@mitre.org
N/A
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2cve@mitre.org
Patch
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668ecve@mitre.org
Exploit
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33cve@mitre.org
Patch
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlcve@mitre.org
N/A
http://secunia.com/advisories/31592cve@mitre.org
N/A
http://secunia.com/advisories/32222cve@mitre.org
N/A
http://secunia.com/advisories/32858cve@mitre.org
N/A
http://secunia.com/advisories/32864cve@mitre.org
N/A
http://secunia.com/advisories/33410cve@mitre.org
N/A
http://support.apple.com/kb/HT3216cve@mitre.org
N/A
http://support.apple.com/kb/HT4077cve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmcve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/09/11/3cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/09/11/4cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/09/16/5cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/09/16/6cve@mitre.org
N/A
http://www.rdancer.org/vulnerablevim-K.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0580.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0617.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0618.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/495662cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/495703cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/502322/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/30795cve@mitre.org
N/A
http://www.securityfocus.com/bid/31681cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-712-1cve@mitre.org
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlcve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/2780cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/0033cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/0904cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=461927cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812cve@mitre.org
N/A
http://ftp.vim.org/pub/vim/patches/7.2/7.2.010af854a3a-2127-422b-91ae-364da2661108
Exploit
http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2af854a3a-2127-422b-91ae-364da2661108
Patch
http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668eaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/31592af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32222af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32858af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32864af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/33410af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3216af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4077af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-457.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:236af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/09/11/3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/09/11/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/09/16/5af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/09/16/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.rdancer.org/vulnerablevim-K.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0580.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0617.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0618.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/495662af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/495703af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/502322/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/30795af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/31681af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-712-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/2780af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/0033af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/0904af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=461927af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44626af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31592
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32222
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32858
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32864
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33410
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3216
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4077
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/3
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/4
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/5
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/6
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.rdancer.org/vulnerablevim-K.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0580.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0617.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0618.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495662
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495703
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502322/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30795
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31681
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-712-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0033
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0904
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461927
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ftp.vim.org/pub/vim/patches/7.2/7.2.010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/31592
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32858
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/33410
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3216
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:236
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/11/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/09/16/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.rdancer.org/vulnerablevim-K.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0580.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0617.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0618.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495662
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/495703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502322/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30795
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31681
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-712-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0904
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461927
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44626
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

508Records found
CVE-2008-2712
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.97% / 95.12%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.

Action-Not Available
Vendor-n/aCanonical Ltd.Vim
Product-ubuntu_linuxvimn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3074
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.68% / 86.16%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Action-Not Available
Vendor-n/aVim
Product-tar.vimvimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-3075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.06% / 89.99%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

Action-Not Available
Vendor-n/aVim
Product-zipplugin.vimvimn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-3076
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.58% / 93.80%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Action-Not Available
Vendor-n/aVim
Product-vimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-12735
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-54.08% / 98.06%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 13:07
Updated-11 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Action-Not Available
Vendor-neovimn/aVim
Product-vimneovimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2010-3914
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-2.64% / 86.04%
||
7 Day CHG~0.00%
Published-03 Nov, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aVim
Product-gvimn/a
CVE-2008-6235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.55% / 85.82%
||
7 Day CHG~0.00%
Published-21 Feb, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.

Action-Not Available
Vendor-n/aVim
Product-vimn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-3973
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.43%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:35
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-28421
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.69%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 22:06
Updated-28 May, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vim has a heap-buffer-overflow and a segmentation fault

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1248
Matching Score-6
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-6
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-15.94% / 94.91%
||
7 Day CHG~0.00%
Published-23 Nov, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

Action-Not Available
Vendor-n/aDebian GNU/LinuxVim
Product-debian_linuxvimvim before patch 8.0.0056
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7072
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.01% / 77.52%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_oswatchosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7079
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.10% / 78.40%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1354
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-19.69% / 95.57%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 20:50
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017Microsoft Visual Studio 2019Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2017Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.22% / 79.51%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-screenosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6104
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.54% / 98.08%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_10windows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6602
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.3||HIGH
EPSS-3.99% / 88.67%
||
7 Day CHG~0.00%
Published-02 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.69% / 91.45%
||
7 Day CHG+0.60%
Published-20 Apr, 2009 | 14:06
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.

Action-Not Available
Vendor-china-on-siten/a
Product-flexphplinkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.48% / 85.62%
||
7 Day CHG~0.00%
Published-11 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of service (system crash) via a crafted PPPoE packet.

Action-Not Available
Vendor-n/aNetBSD
Product-netbsdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.98% / 86.82%
||
7 Day CHG~0.00%
Published-19 Feb, 2009 | 15:02
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-haurin/a
Product-virobotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-secure_computingn/aMicrosoft Corporation
Product-webwashersecure_web_gatewayinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5526
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-drwebn/aMicrosoft Corporation
Product-anti-virusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.53% / 67.61%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aSymantec CorporationMicrosoft Corporation
Product-internet_explorerantivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5527
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationESET, spol. s r. o.
Product-internet_explorersmart_securityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.76% / 73.80%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationSophos Ltd.
Product-anti-virusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-k7computingn/aMicrosoft Corporation
Product-internet_explorerantivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-quickhealn/aMicrosoft Corporation
Product-internet_explorercat_quickhealn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1352
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.30% / 91.85%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 20:50
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017Microsoft Visual Studio 2019Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2017Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5534
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationESET, spol. s r. o.
Product-nod32_antivirusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-sunbeltsoftwaren/aMicrosoft Corporation
Product-vipreinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5548
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-virusbustern/aMicrosoft Corporation
Product-internet_explorervirusbustern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5525
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.47% / 64.93%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationClamAV
Product-internet_explorerclamavn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-normann/aMicrosoft Corporation
Product-norman_antivirus_\&_antispywareinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.12% / 31.10%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-aladdinn/aMicrosoft Corporation
Product-internet_exploreresafen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5536
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-pandasecurityn/aMicrosoft Corporation
Product-internet_explorerpanda_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5530
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-avgewidon/aMicrosoft Corporation
Product-ewido_security_suiteinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-68.42% / 98.63%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-chilkat_softwaren/a
Product-chilkat_crypt_activex_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.03% / 92.30%
||
7 Day CHG~0.00%
Published-22 Dec, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.

Action-Not Available
Vendor-verlihub-projectn/a
Product-verlihubn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-prevxn/aMicrosoft Corporation
Product-internet_explorerprevx1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-avast_antivirusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-virusblokadan/aMicrosoft Corporation
Product-internet_explorervba32_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-ahnlabn/aMicrosoft Corporation
Product-internet_explorerv3_internet_securityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationTrend Micro Incorporated
Product-internet_explorertrend_micro_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-49.04% / 97.84%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input validation errors."

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5537
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-pctoolsn/aMicrosoft Corporation
Product-pctools_antivirusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5521
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-free-avn/aMicrosoft Corporation
Product-internet_explorerantivirn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.12% / 30.08%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-rising-globaln/aMicrosoft Corporation
Product-rising_antivirusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-n/aMicrosoft CorporationFortinet, Inc.
Product-internet_explorerfortiguard_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5522
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-avgn/aMicrosoft Corporation
Product-internet_explorerantivirusn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found