A vulnerability in the getchar.c source code file of Vim could allow an authenticated, remote attacker to execute arbitrary commands on a targeted system.
The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by executing the :source! command in a modeline on the affected system. A successful exploit could allow the attacker to execute arbitrary operating system commands on the targeted system.
Proof-of-concept code that demonstrates an exploit of this vulnerability is available.
Vim has confirmed the vulnerability and released a software patch.
Security Impact Rating: High