CVEs-PoC/2016/CVE-2016-1248.md

### [CVE-2016-1248](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248)
![](https://img.shields.io/static/v1?label=Product&message=vim%20before%20patch%208.0.0056&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=OS%20command%20injection&color=brighgreen)

### Description

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

### POC

#### Reference
- https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a

#### Github
- https://github.com/ARPSyndicate/cvemon