A security researcher has discovered an arbitrary code execution flaw in popular text editors Vim and Neovim. The vulnerability was found in the older versions of the two applications.
In a tweet, the researcher mentioned that the vulnerability was the result of a feature known as ‘modelines’ in the application, which could enable attackers to execute arbitrary code and gain remote control over compromised systems. The flaw, called CVE-2019-12735, is a result of a faulty getchar.c function which allows remote attackers to execute arbitrary code through the ‘:source!’ command in a modeline. It affects Vim versions prior to 8.1.1365 and Neovim versions prior to 0.3.6. The researcher has also released two proof-of-concept (PoC) exploits for this vulnerability. One of the exploits shows an attack scenario wherein a reverse shell is executed when he/she opens a malicious file on either of these applications. This permitted system access to the remote attacker.
The researcher has advised other countermeasures such as disabling modelines, using a plugin called ‘securemodelines’ or to disable ‘modelineexpr’ option in modelines. Since Vim and Neovim are pre-installed in most of the Linux-based operating systems, Linux users are more prone to RCE attacks due to this flaw. Thus, they are advised to apply the patches available for the two applications.