Total vulnerabilities in the database
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
| Software | From | Fixed in |
|---|---|---|
| vim / vim | 7.1.266 | 7.1.266.x |
| vim / tar.vim | .12 | .12.x |
| vim / vim | 7.1 | 7.1.x |
| vim / vim | 7.0 | 7.0.x |
| vim / tar.vim | .11 | .11.x |
| vim / tar.vim | .17 | .17.x |
| vim / vim | 7.2 | 7.2.x |
| vim / tar.vim | .21 | .21.x |
| vim / tar.vim | .14 | .14.x |
| vim / tar.vim | .13 | .13.x |
| vim / tar.vim | .16 | .16.x |
| vim / tar.vim | .18 | .18.x |
| vim / tar.vim | .22 | .22.x |
| vim / tar.vim | .15 | .15.x |
| vim / vim | 7.1.314 | 7.1.314.x |
| vim / tar.vim | .10 | .10.x |
| vim / tar.vim | .20 | .20.x |
| vim / tar.vim | .19 | .19.x |