CVE-2019-12735

This exploit demonstrates arbitrary code execution in Vim and Neovim via maliciously crafted modelines. It bypasses the sandbox using `:source!` to execute shell commands, including a reverse shell payload.

This repository contains a functional exploit for CVE-2019-12735, which leverages modelines in Vim/Neovim to achieve arbitrary code execution. The PoC involves a crafted text file that, when opened in Vim/Neovim, triggers a reverse shell to a listener.

This repository provides a functional proof-of-concept for CVE-2019-12735, a vulnerability in Vim and Neovim that allows arbitrary command execution via modeline functionality. The exploit requires the modeline feature to be enabled and involves crafting a malicious file that executes commands when opened in Vim or Neovim.

This repository provides a Dockerized environment to exploit CVE-2019-12735, a Vim modeline vulnerability that allows arbitrary command execution when opening a specially crafted file. The PoC demonstrates command injection via a maliciously crafted modeline in a text file.

This repository contains a functional exploit for CVE-2019-12735, a vulnerability in Vim and Neovim that allows remote code execution via crafted modeline expressions. The PoC includes a Dockerfile to set up a vulnerable environment and a C program to generate a malicious text file that triggers the exploit.

This repository provides a detailed technical analysis of CVE-2019-12735, explaining how arbitrary code execution can be achieved in Vim and Neovim through modeline exploitation. It includes a breakdown of the vulnerability mechanics, sandbox bypass techniques, and a reverse shell PoC.