N/A

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

N/A

N/A

Vim "zip.vim" Plugin 任意指令执行漏洞

Vim是一款开源的、可配置的用于创建和更改任何类型文本的文本编辑器，它可使用在大多数UNIX系统和Apple OS X中。 Vim 7.0版本至7.2版本, 包括7.2a.10版本的shellescape函数,允许用户协助式攻击者可以借助"!"外壳元字符in (1)一个ZIP存档文件的文件名以及(2)VIM ZIP插件(zipPlugin.vim) v.11版本至v.21版本没有适当处理过的一个ZIP存档文件的文件名，例如zipplugin何zipplugin.v2测试版，执行任意代码。注意:该漏洞存在是

N/A

N/A