CVE ID: CVE-2019-12735
Category: Remote Code Execution
Severity: High (CVSS score 9.3)
The flaw resides in the way the Vim and Neovim editors on Linux handle "modelines", a feature enabled by default that automatically finds and applies a set of custom preferences specified by the creator of a file in the starting and ending lines of a document. As a result, simply opening an innocent-looking, specially crafted malicious file in Vim or Neovim could allow attackers to execute commands on the Linux system and ultimately take over the target system.
Affected versions:
• Vim before version 8.1.1365
• Neovim before version 0.3.6
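A triage check built on the version thresholds listed above, as an added example (not code from the advisory or from the Vim/Neovim projects). It decides from `--version` output whether an editor predates the fix and lists modeline candidates at the start and end of a file. The function names, the sample inputs, the 5-line window and the modeline pattern are assumptions of this example.

```python
import re

# Fixed releases as stated in the advisory above.
VIM_FIXED = (8, 1, 1365)
NVIM_FIXED = (0, 3, 6)
# Approximation of Vim's modeline prefixes (vi:, vim:, Vim:, ex:); not Vim's own parser.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?):|\sex:")

def parse_version(banner):
    """Return ('vim'|'nvim', version tuple) from `--version` output, else None."""
    m = re.search(r"NVIM v(\d+)\.(\d+)\.(\d+)", banner)
    if m:
        return "nvim", tuple(int(x) for x in m.groups())
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", banner)
    if not m:
        return None
    # "Included patches: 1-1364" or "1-50, 52-100": the highest number is the patch level.
    p = re.search(r"Included patches:\s*([\d, \t-]+)", banner)
    patch = max((int(n) for n in re.findall(r"\d+", p.group(1))), default=0) if p else 0
    return "vim", (int(m.group(1)), int(m.group(2)), patch)

def is_affected(banner):
    """True if the editor predates the fixed release, None if unrecognised."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    name, version = parsed
    return version < (VIM_FIXED if name == "vim" else NVIM_FIXED)

def find_modelines(text, window=5):
    """Return (line_number, line) for modeline candidates near the start or end.

    Assumption: 5 lines are inspected at each end (Vim's default 'modelines' value).
    """
    lines = text.splitlines()
    head = range(min(window, len(lines)))
    tail = range(max(0, len(lines) - window), len(lines))
    return [(i + 1, lines[i]) for i in sorted(set(head) | set(tail))
            if MODELINE.search(lines[i])]

# Constructed sample inputs (not captured from a real host or a real malicious file).
OLD_VIM = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1364\n"
NEW_VIM = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1365\n"
OLD_NVIM = "NVIM v0.3.5\nBuild type: Release\n"
SAMPLE = "\n".join(["# notes"] + ["body"] * 20 + ["# vim: set ts=4 sw=4:"])

if __name__ == "__main__":
    for banner in (OLD_VIM, NEW_VIM, OLD_NVIM):
        print(banner.splitlines()[0], "-> affected:", is_affected(banner))
    print(find_modelines(SAMPLE))
```

A modeline hit only means the file asks the editor to apply settings; on an affected editor such files deserve review before they are opened.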
Authored by: Magrabur Alam Sofily, Cyber Security, TCS