Vendor: Vim
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 122 (Heap-based Buffer Overflow)
Product Name: Vim
Affected Version From: 6.2.0429
Affected Version To: 6.3.1958
Patch Exists: YES
Related CVE: CVE-2008-2712
CPE: a:vim:vim
Metasploit:
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3076/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-3074/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-3075/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-0e1e3789-d87f-11dd-8ecd-00163e000016/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0580/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3074/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-3075/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0617/
https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-712-1/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0618/
https://www.rapid7.com/db/vulnerabilities/apple-osx-vim-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0004-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4101/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-30866e6c-3c6d-11dd-98c9-00163e000016/
https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0004-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/apple-osx-vim-cve-2008-2712/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2008-0580/
https://www.rapid7.com/db/?q=CVE-2008-2712&type=&page=2
Platforms Tested: Unknown
Heap-based Buffer Overflow in Vim
Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Mitigation:
Update to a version of Vim that is not affected by this vulnerability. Additionally, exercise caution when opening untrusted files in Vim.