vim security update
FTP access is not possible from a web browser.
Document number: 1231743983
Updated: 2009.01.12
Format string vulnerability in the helptags_one function in src/ex_cmds.c in
Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers
to execute arbitrary code via format string specifiers in a help-tags tag in a
help file, related to the helptags command.

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to
execute arbitrary commands via Vim scripts that do not properly sanitize inputs
before invoking the execute or system functions, as demonstrated using (1)
filetype.vim, (2) zipplugin, (3) xpm.vim, (4) gzip_vim, and (5) netrw.

A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user running Vim.

A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.

Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim.

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which
allows user-assisted attackers to (1) execute arbitrary shell commands by
entering a K keystroke on a line that contains a ";" (semicolon) followed by
a command, or execute arbitrary Ex commands by entering an argument after a
(2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket)
keystroke sequence, a different issue than CVE-2008-2712.
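
The last item above names 7.2.010 as the first fixed version. The following check is an added example, not part of the original advisory: it parses `vim --version` text and reports whether the build falls in the "3.0 through 7.x before 7.2.010" range. The function names and the sample texts are constructed for illustration, and the upstream banner and "Included patches:" layout is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): is this Vim build older than 7.2.010?
# Assumes the upstream `vim --version` layout: a "VIM - Vi IMproved X.Y" banner
# and an "Included patches:" line. Sample texts below are constructed.

# has_patch LIST N -> exit 0 if patch N lies inside a range such as "1-9, 11-20"
has_patch() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -v want="$2" '
        { gsub(/[^0-9-]/, "")
          n = split($0, r, "-")
          lo = r[1] + 0
          hi = (n > 1 ? r[2] : r[1]) + 0
          if (want + 0 >= lo && want + 0 <= hi) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# vim_is_before_7_2_010 TEXT
#   exit 0: version is in "3.0 through 7.x before 7.2.010"
#   exit 1: version is outside that range; exit 2: no version banner found
vim_is_before_7_2_010() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver% *}; minor=${ver#* }
    [ "$major" -ge 3 ] || return 1      # below the advisory's stated range
    if [ "$major" -lt 7 ]; then return 0; fi
    if [ "$major" -gt 7 ] || [ "$minor" -gt 2 ]; then return 1; fi
    if [ "$minor" -lt 2 ]; then return 0; fi
    # Exactly 7.2: fixed only when patch 10 is in the included list.
    patches=$(printf '%s\n' "$1" | sed -n 's/^Included patches: *//p' | head -n 1)
    if has_patch "$patches" 10; then return 1; fi
    return 0
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_OLD='VIM - Vi IMproved 7.1 (2007 May 12, compiled Jan  1 2009 00:00:00)
Included patches: 1-314'
SAMPLE_GAP='VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Jan  1 2009 00:00:00)
Included patches: 1-9, 11-20'
SAMPLE_FIXED='VIM - Vi IMproved 7.2 (2008 Aug 9, compiled Jan  1 2009 00:00:00)
Included patches: 1-10'

for s in "$SAMPLE_OLD" "$SAMPLE_GAP" "$SAMPLE_FIXED"; do
    if vim_is_before_7_2_010 "$s"; then echo "before 7.2.010"
    else echo "7.2.010 or later, or unparsed"; fi
done
```

On a live host, pass the real output with `vim_is_before_7_2_010 "$(vim --version)"`. A distribution package can carry the fix under an older upstream version string, so compare the vendor's package version as well.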
Autoupdates support: supported