Exploit PoC: Linux command execution on Vim/Neovim vulnerability (CVE-2019-12735)

CVE ID: CVE-2019-12735
Category: Remote Code Execution
Severity: High (CVSS score 9.3)

The flaw resides in Linux Vim/Neovim editor in the way how those editors handle the "modelines" a feature that's enabled by default to automatically find and apply a set of custom preferences as mentioned by the creator of a file at the starting and ending lines in a document. Therefore, just opening an innocent looking specially crafted malicious file using Vim or Neovim editor could allow attackers to execute commands on Linux system and ultimately take over the target system.

Affected Products:
• Vim before version 8.1.1365
• Neovim before version 0.3.6

Please click the below PDF to read more

Authored by : Magrabur Alam Sofily , Cyber Security, TCS

Rate this article: 
Average: 4.8 (5 votes)
Article category: