After the news of the Shellshock vulnerability broke, I remembered I had GitHub's version of a bash shell for Windows installed. Just to see if it also had the vulnerability, I executed:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

And got back:

    vulnerable
    this is a test

Still, being a Windows system, can anything malicious be done from the GitHub bash shell, other than mess with my repositories?
(GitHub v2.0.6.0 130c781) (GitHub v2.4.0.12 34d40b7)
Edit:

    env x='() { :;};' bash -c "vi foldername/filename"

Confirming this can edit Windows system files.
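
As an added example (not part of the original post): the probe from the question, wrapped so it can be run against every bash binary on PATH and in any extra directories, since an application such as the GitHub client can ship its own copy of bash that system updates never touch. The marker string and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. MARKER and all function names
# are hypothetical names chosen for this sketch.
MARKER="shellshock-probe-marker"

# is_vulnerable BASH_PATH
# Runs the probe from the question against one binary. A vulnerable bash
# executes the command trailing the imported function definition and prints
# MARKER; a patched bash treats x as an ordinary variable and prints nothing.
is_vulnerable() {
    probe_out=$(env x="() { :;}; echo $MARKER" "$1" -c ":" 2>/dev/null)
    [ "$probe_out" = "$MARKER" ]
}

# list_bash_candidates [EXTRA_DIR...]
# Prints every executable named bash or bash.exe found in PATH or in the
# extra directories given (e.g. an application's bundled bin directory).
list_bash_candidates() {
    {
        printf '%s\n' "$PATH" | tr ':' '\n'
        for extra in "$@"; do printf '%s\n' "$extra"; done
    } | while IFS= read -r dir; do
        for name in bash bash.exe; do
            if [ -x "$dir/$name" ]; then printf '%s\n' "$dir/$name"; fi
        done
    done | sort -u
}

# audit_bash [EXTRA_DIR...]
# Reports each candidate; exit status is 1 if any binary is vulnerable.
audit_bash() {
    list_bash_candidates "$@" | (
        found=0
        while IFS= read -r bin; do
            if is_vulnerable "$bin"; then
                echo "VULNERABLE $bin"; found=1
            else
                echo "ok $bin"
            fi
        done
        exit "$found"
    )
}
```

Calling `audit_bash` with the bundled shell's bin directory as an argument lists each copy found and flags the ones that still need replacing.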