Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.
Software | From | Fixed in |
---|---|---|
vim / vim | - | 7.2.x |
vim / vim | 3.0 | 3.0.x |
vim / vim | 4.0 | 4.0.x |
vim / vim | 5.0 | 5.0.x |
vim / vim | 5.1 | 5.1.x |
vim / vim | 5.2 | 5.2.x |
vim / vim | 5.3 | 5.3.x |
vim / vim | 5.4 | 5.4.x |
vim / vim | 5.5 | 5.5.x |
vim / vim | 5.6 | 5.6.x |
vim / vim | 5.7 | 5.7.x |
vim / vim | 5.8 | 5.8.x |
vim / vim | 6.0 | 6.0.x |
vim / vim | 6.1 | 6.1.x |
vim / vim | 6.2 | 6.2.x |
vim / vim | 6.3 | 6.3.x |
vim / vim | 6.4 | 6.4.x |
vim / vim | 7.0 | 7.0.x |
vim / vim | 7.1 | 7.1.x |