lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote malicious users to execute arbitrary Emacs Lisp code via a crafted file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu emacs 23.2 |
||
gnu emacs 23.3 |
||
gnu emacs 23.4 |
||
gnu emacs 24.1 |