CVE-2012-3479

Published: 25/08/2012 Updated: 13/12/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote malicious users to execute arbitrary Emacs Lisp code via a crafted file.

Vulnerable Product

gnu emacs 23.3

gnu emacs 23.4

gnu emacs 23.2

gnu emacs 24.1

Vendor Advisories

Emacs could be made to run programs as your login if it opened a specially crafted file ...
Debian Bug report logs - #684694: emacs24: CVE-2012-3479: GNU Emacs file-local variables. Package: emacs24; Maintainer for emacs24 is Rob Browning <rlb@defaultvalue.org>; Source for emacs24 is src:emacs. Reported by: Henri Salo <henri@nerv.fi>. Date: Mon, 13 Aug 2012 06:57:01 UTC. Severity: importan ...
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to safe. For the stable distribution (squeeze), this problem has been fixed in version 23.2+1-7+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 23.4+1-4. For the unstable distribution (sid), ...