Georgi Guninski discovered a way to construct Vim modelines
that execute arbitrary shell commands. The vulnerability
can be exploited by including shell commands in modelines
that call the glob() or expand() functions. An attacker
could trick a user into reading or editing a trojaned file with
modelines enabled, after which the attacker is able to
execute arbitrary commands with the privileges of the user.
Note: It is generally recommended that Vim users use
set nomodeline in ~/.vimrc to avoid the possibility of
trojaned text files.
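
For checking files before opening them, the following added example (not part of the original advisory) flags modelines that call glob() or expand() within the region Vim scans for modelines, which is the first and last 5 lines by default.
Assumptions: the function name, the regular expression (an approximation of Vim's modeline syntax) and the sample strings are constructed for illustration, and "someoption" / "o" are placeholders rather than real Vim options.

```python
import re

# Approximation of Vim's modeline prefix: "vi:", "vim:", "Vim:" or "ex:"
# (optionally with a version, e.g. "vim>700:") at line start or after whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):(.*)$")
# The two functions named in the advisory.
RISKY_CALL_RE = re.compile(r"\b(glob|expand)\s*\(")


def find_risky_modelines(text, modelines=5):
    """Return [(line_number, function_name, line)] for modelines that call
    glob() or expand() within the first/last `modelines` lines of `text`."""
    lines = text.splitlines()
    n = len(lines)
    # Vim only inspects the head and tail of the file for modelines.
    window = set(range(min(modelines, n))) | set(range(max(n - modelines, 0), n))
    findings = []
    for idx in sorted(window):
        m = MODELINE_RE.search(lines[idx])
        if not m:
            continue
        call = RISKY_CALL_RE.search(m.group(1))
        if call:
            findings.append((idx + 1, call.group(1), lines[idx]))
    return findings


# Constructed sample inputs (not taken from the advisory).
RISKY = "\n".join(["line %d" % i for i in range(1, 12)]
                  + ["# vim: set someoption=expand(PLACEHOLDER):"])
# An ordinary modeline, plus a glob() call that is not inside a modeline.
BENIGN = "# vim: set ts=4 sw=4 et:\nprint(glob('*.txt'))\n"
# A modeline-like line outside the default 5-line window.
MIDDLE = "\n".join(["x"] * 10 + ["# vim: set o=glob(PLACEHOLDER):"] + ["x"] * 10)

if __name__ == "__main__":
    for name, sample in (("RISKY", RISKY), ("BENIGN", BENIGN), ("MIDDLE", MIDDLE)):
        print(name, find_risky_modelines(sample))
```

A file that passes this check is not thereby safe to open with modelines enabled; set nomodeline remains the mitigation the advisory recommends.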