Skip to navigation Skip to main content Skip to footer

Technical Advisory: Shell Injection in MacVim mvim URI Handler

Vendor: macvim-dev Vendor URL: http://macvim.org Versions affected: snapshot-110 Author: Daniel Crowley  Bug discovery credit: Anonymous Advisory URL / CVE Identifier: TBD Risk: Critical 

Summary

MacVim is a Mac OS port of Vim.

MacVim is vulnerable to shell injection in mvim:// URIs through the column parameter, allowing attacks through a variety of means, including through malicious web pages.

Impact

Attackers can execute arbitrary shell commands as the logged-in user when that user visits an attacker-controlled web page or clicks an attacker-provided link.

Location

MMAppController.m

Details

MacVim is vulnerable to a shell injection attack in its handling of ‘mvim’ URLs. Shell injection is a class of vulnerability where an attacker can change the nature of executed shell commands through malformed input.

Recommendation

As no patch is available, discontinue use of MacVim or disable the mvim:// URI scheme using RCDefaultApp until a patch is made available.

Vendor Communication

2016-10-06 - Emailed MacVim asking for security contact address    using email listed on github repo 2016-11-02 - Emailed MacVim asking for security contact address    using email addresses for owner accounts listed on github    repo 2016-12-08 - Sent final notice of public disclosure including    full advisory details and proof of concept exploit, providing    a planned disclosure date of December 15th, 2016. 2016-12-08 - Response from MacVim received acknowledging the    email and promising to look into the bug 2017-01-16 - Asked for update from MacVim 2017-02-15 - Moved to accelerated disclosure due to unresponsive    contact 

About NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate respond to the risks they face. We are passionate about making the Internet safer and revolutionizing the way in which organizations think about cyber security.