Main Vulnerability Database Exploits ID:5454 - Exploit for OS Command Injection in Vim - CVE-2019-12735

ID:5454 - Exploit for OS Command Injection in Vim - CVE-2019-12735

Published: May 20, 2021

Vulnerability identifier: #VU31049

Vulnerability risk: Low

CVE-ID: CVE-2019-12735

CWE-ID: CWE-78

Exploitation vector: Local access

Vulnerable software:
Vim

Link to public exploit:

https://github.com/nickylimjj/cve-2019-12735

Vulnerability description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Remediation

Install update from vendor's website.

ID:5454 - Exploit for OS Command Injection in Vim - CVE-2019-12735

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human