Home

CVE-2008-4101

Description

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ; (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) Ctrl-] (control close-square-bracket) or (3) g] (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
15.238

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2008-4101,CVE-2009-0316 are affected in Vim 3.0Windows
Vulnerabilities CVE-2008-4101,CVE-2009-0316 are affected in Vim 4.0Windows
Multiple Vulnerabilities are affected in Vim 5.0Windows
Multiple Vulnerabilities are affected in Vim 5.1Windows
Multiple Vulnerabilities are affected in Vim 5.2Windows
Multiple Vulnerabilities are affected in Vim 5.3Windows
Multiple Vulnerabilities are affected in Vim 5.4Windows
Multiple Vulnerabilities are affected in Vim 5.5Windows
Multiple Vulnerabilities are affected in Vim 5.6Windows
Multiple Vulnerabilities are affected in Vim 5.7Windows
Multiple Vulnerabilities are affected in Vim 5.8Windows
Multiple Vulnerabilities are affected in Vim 6.0Windows
Multiple Vulnerabilities are affected in Vim 6.1Windows
Multiple Vulnerabilities are affected in Vim 6.2Windows
Multiple Vulnerabilities are affected in Vim 6.3Windows
Multiple Vulnerabilities are affected in Vim 6.4Windows
Multiple Vulnerabilities are affected in Vim 7.0Windows
Multiple Vulnerabilities are affected in Vim 7.1Windows
Vulnerabilities CVE-2008-3074,CVE-2008-3075,CVE-2008-4101,CVE-2009-0316 are affected in Vim 7.2Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234