Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution when a user merely opens a file.
The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided suggestions to address the security issues.
Vim and GNU Emacs are programmable text editors primarily used by developers and sysadmins for code editing, terminal-based workflows, and scripting. Vim in particular is widely used in DevOps, and is installed by default on most Linux server distributions, embedded systems, and macOS.
Vim flaw and fix
Hung Nguyen, a researcher at the boutique cybersecurity firm Calif, which specializes in AI red teaming and security engineering, found the issues in Vim after instructing Claude to find a remote code execution (RCE) zero-day vulnerability in the text editor triggered by opening a file.
The Claude assistant analyzed Vim’s source code and identified missing security checks and issues in modeline handling, allowing code embedded in a file to be executed upon opening.
A modeline is text placed at the beginning of a file that instructs Vim how to handle it.
Even if the code was supposed to run in a sandbox, another problem allowed it to bypass the restriction and execute commands in the context of the current user.
The vulnerability has not received a CVE ID and affects Vim versions 9.2.0271 and earlier.
Nguyen reported the issue to the Vim maintainers, who promptly released a patch in Vim version 9.2.0272. The Vim team noted that a victim would only need to open a specially crafted file to trigger the vulnerability.
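A triage check a defender could run before untrusted files reach an unpatched editor, added here as an example (it is not code from the article, Calif, or the Vim project): it flags files that carry a modeline and compares the installed Vim version against the fixed release 9.2.0272. It assumes Vim's default of inspecting the first and last five lines and version strings written in the article's `major.minor.patch` form; the function names and sample text are constructed.

```python
import re

FIXED = (9, 2, 272)   # first patched release named in the article (9.2.0272)
WINDOW = 5            # assumption: Vim's default 'modelines' value is in effect

# Marker per Vim's documented modeline format: "vi:", "vim:"/"Vim:" (optionally
# with a version test such as "vim>900:"), or "ex:". The marker must start the
# line or follow a blank; "ex:" only counts after a blank. Over-approximates:
# version-conditional modelines are flagged whatever the version test says.
MARKER = re.compile(r"(?:^|[ \t])(?:vi:|[vV]im[<=>]?\d*:|(?<=[ \t])ex:)")

def find_modelines(text, window=WINDOW):
    """Return (line_number, line) for modeline candidates in the first and
    last `window` lines, the only lines Vim inspects."""
    lines = text.splitlines()
    n = len(lines)
    return [(i + 1, line.strip()) for i, line in enumerate(lines)
            if (i < window or i >= n - window) and MARKER.search(line)]

def parse_version(v):
    """Parse 'major.minor.patch' as written in the article, e.g. '9.2.0271'."""
    major, minor, patch = v.strip().split(".")
    return int(major), int(minor), int(patch)

def is_patched(v):
    return parse_version(v) >= FIXED

def triage(text, vim_version):
    """Hold a file for review if it carries a modeline and Vim is unpatched."""
    hits = find_modelines(text)
    patched = is_patched(vim_version)
    return {"modelines": hits, "patched": patched,
            "hold": bool(hits) and not patched}

# Constructed sample (benign options only), 12 lines long.
SAMPLE = "\n".join(
    ["# vim: set ts=4 sw=4 et:", "index: 3", "ex: set ts=8:"]
    + ["filler"] * 3
    + ["# vim: set tw=72:"]          # line 7: outside both 5-line windows
    + ["filler"] * 4
    + ["/* vi:noai:sw=3 */"]
)

if __name__ == "__main__":
    for version in ("9.2.0271", "9.2.0272"):
        print(version, triage(SAMPLE, version))
```

A hit means only that the file asks Vim to apply settings on open, which is common in source trees; the check narrows which files deserve a look on hosts that have not yet been upgraded.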