CVE-2007-2953

Summary

CVE	CVE-2007-2953
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-07-31 10:17:00 UTC
Updated	2018-10-16 16:46:00 UTC
Description	Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vim Development Group	Vim	7.0	All	All	All
Application	Vim Development Group	Vim	7.1	All	All	All
Application	Vim Development Group	Vim	7.1.38	All	All	All
Application	Vim Development Group	Vim	7.0	All	All	All
Application	Vim Development Group	Vim	7.1	All	All	All
Application	Vim Development Group	Vim	7.1.38	All	All	All
Application	Vim Development Group	Vim	All	All	All	All

References

Reference	Source	Link	Tags
Support	REDHAT	www.redhat.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Webmail - OVH	VUPEN	www.vupen.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Avaya Products Vim Multiple Vulnerabilities - Secunia.com	SECUNIA	secunia.com
2007-0026	TRUSTIX	www.trustix.org
Debian update for vim - Advisories - Secunia	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
rPath update for gvim, vim, and vim-minimal - Advisories - Secunia	SECUNIA	secunia.com
Red Hat update for vim - Secunia.com	SECUNIA	secunia.com
Repository / Oval Repository	OVAL	oval.cisecurity.org
Support	REDHAT	www.redhat.com
Security Announcement	SUSE	www.novell.com
Vim "helptags" Command Format String Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Debian -- Security Information -- DSA-1364-2 vim	DEBIAN	www.debian.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
SUSE Updates for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
ASA-2009-001 (RHSA-2008-0617)	CONFIRM	support.avaya.com
ftp.vim.org/pub/vim/patches/7.1/7.1.039	CONFIRM	ftp.vim.org	Patch
VMSA-2009-0004.2	CONFIRM	www.vmware.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Trustix Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Vim "helptags" Command Format String Vulnerability - Secunia Research - Secunia	MISC	secunia.com	Patch, Vendor Advisory
USN-505-1: vim vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Mandriva update for vim - Advisories - Secunia	SECUNIA	secunia.com
Ubuntu update for vim - Advisories - Secunia	SECUNIA	secunia.com
[VIM] vim editor duplicates / clarifications	VIM	www.attrition.org
Vim HelpTags Command Remote Format String Vulnerability	BID	www.securityfocus.com	Patch
Support / Security / Advisories / / MDVSA-2008:236 \| Mandriva	MANDRIVA	www.mandriva.com
issues.rpath.com/browse/RPL-1595	CONFIRM	issues.rpath.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-08-06	Joshua Bressers	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

There are currently no legacy QID mappings associated with this CVE.