CVE-2008-3076 in viminfo

Summary

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

07/08/2008

Disclosure

02/21/2009

Moderation

VulDB entry created

Entries

1: VDB-46698

CPE

ready

CWE

CWE-78 (Confirmed)

Exploit

Download

CVSS

10.0

EPSS

0.10902

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-3076
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3076
CVE Details	https://www.cvedetails.com/cve/CVE-2008-3076/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!