ID CVE-2007-2953
Summary Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
References
Vulnerable Configurations
  • cpe:2.3:a:vim_development_group:vim:*:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:7.1.38:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:14:40.356-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    family unix
    id oval:org.mitre.oval:def:11549
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    version 24
  • accepted 2009-11-30T04:00:45.365-05:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Michael Wood
      organization Hewlett-Packard
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    description Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
    family unix
    id oval:org.mitre.oval:def:6463
    status accepted
    submitted 2009-09-23T15:39:02.000-04:00
    title Vim HelpTags Command Remote Format String Vulnerability
    version 3
redhat via4
advisories
  • rhsa
    id RHSA-2008:0580
  • rhsa
    id RHSA-2008:0617
rpms
  • vim-X11-2:7.0.109-4.el5_2.4z
  • vim-common-2:7.0.109-4.el5_2.4z
  • vim-enhanced-2:7.0.109-4.el5_2.4z
  • vim-minimal-2:7.0.109-4.el5_2.4z
  • vim-X11-1:6.3.046-0.30E.11
  • vim-common-1:6.3.046-0.30E.11
  • vim-enhanced-1:6.3.046-0.30E.11
  • vim-minimal-1:6.3.046-0.30E.11
  • vim-X11-1:6.3.046-1.el4_7.5z
  • vim-common-1:6.3.046-1.el4_7.5z
  • vim-enhanced-1:6.3.046-1.el4_7.5z
  • vim-minimal-1:6.3.046-1.el4_7.5z
refmap via4
bid 25095
bugtraq
  • 20070730 FLEA-2007-0036-1 vim vim-minimal gvim
  • 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
confirm
debian DSA-1364
mandriva
  • MDKSA-2007:168
  • MDVSA-2008:236
misc http://secunia.com/secunia_research/2007-66/advisory/
secunia
  • 25941
  • 26285
  • 26522
  • 26594
  • 26653
  • 26674
  • 26822
  • 32858
  • 33410
suse SUSE-SR:2007:018
trustix 2007-0026
ubuntu USN-505-1
vim 20070823 vim editor duplicates / clarifications
vupen
  • ADV-2007-2687
  • ADV-2009-0033
  • ADV-2009-0904
xf vim-helptagsone-code-execution(35655)
statements via4
contributor Joshua Bressers
lastmodified 2007-08-06
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 16-10-2018 - 16:46
Published 31-07-2007 - 10:17