Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution
Summary
A critical flaw has been discovered in the Cursor code editor that allows malicious cloned repositories to execute arbitrary code on Windows. If a repository contains a file named 'git.exe' in its root directory, Cursor will automatically run it without any user interaction, potentially exposing sensitive data and credentials.
IFF Assessment
This vulnerability allows attackers to execute arbitrary code on a user's machine, posing a significant threat to defenders.
Severity
This vulnerability has a high attack vector (local file inclusion) and a high impact, allowing for complete system compromise and data exfiltration without user interaction.
Defender Context
This vulnerability highlights the risks associated with opening untrusted code repositories, especially in developer tools. Defenders should be wary of code execution vulnerabilities in IDEs and educate users on the importance of verifying the source of code before opening projects. Monitoring for unauthorized 'git.exe' execution or unusual process behavior within development environments could be a valuable detection strategy.