getchar.c in Vim prior to 8.1.1365 and Neovim prior to 0.3.6 allows remote malicious users to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vim vim |
||
neovim neovim |
Welcome to Vim Sh*tty 2000
Proof-of-concept text files are now available that, when opened in a vulnerable installation of the Vim and Neovim, will execute commands on the underlying machine, or even open a backdoor. Bug-hunter Armin Razmjou this week documented a security hole, designated CVE-2019-12735, in the popular text and source code editors that can be potentially exploited by malicious documents to commandeer victims' computers when opened. The vulnerability is present in Vim versions prior to 8.1.1365, and Neovi...