Vendor: Vim
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 122 (Heap-based Buffer Overflow)
Product Name: Vim
Affected Version From: 6.2.0429
Affected Version To: 6.3.1958
Patch Exists: YES
Related CWE: CVE-2008-2712
CPE: a:vim:vim
Metasploit:
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3076/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-3074/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-3075/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-0e1e3789-d87f-11dd-8ecd-00163e000016/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0580/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3074/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3075/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0617/
https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-712-1/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0618/
https://www.rapid7.com/db/vulnerabilities/apple-osx-vim-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0004-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-30866e6c-3c6d-11dd-98c9-00163e000016/
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0004-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/apple-osx-vim-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2008-0580/
https://www.rapid7.com/db/?q=CVE-2008-2712&type=&page=2
Other Scripts:
Platforms Tested: Unknown

Heap-based Buffer Overflow in Vim

Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Mitigation:

It is recommended to update to a version of Vim that is not affected by this vulnerability. Additionally, it is recommended to exercise caution when opening untrusted files in Vim.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30648/info

This issue affects Vim 6.2.429 through 6.3.058. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32225.zip