Vim (Visual editor IMproved) is an updated and improved version of the vi editor.

Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)

A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially-crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)

Several input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.