Vim modelines Remote Command Execution

December 23, 2016

Vim (a contraction of Vi IMproved) is a clone of Bill Joy's vi text editor program for Unix. It was written by Bram Moolenaar based on source for a port of the Stevie editor to the Amiga. Vim is designed for use both from a command-line interface and as a standalone application in a graphical user interface.

A remote code execution vulnerability exists in the modeline component of Vim. The vulnerability is due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote attacker can exploit this vulnerability by enticing a victim to open a file containing a malicious modeline in Vim. Successful exploitation can result in arbitrary command execution in the context of the current user.

The vulnerability has been assigned as CVE-2016-1248.

SonicWall provides protection against multiple versions of this threat via the following signatures:

  • IPS sid:12547 "Vim modelines Remote Command Execution 1"
  • IPS sid:12548 "Vim modelines Remote Command Execution 2"