Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1232

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2003-1232
Last Modified 07 Mar 2011 09:13:42
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-1232

Summary

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

Vulnerable Systems

Application

  • Gnu Emacs 21.2.1


References

MISC - http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html

SECUNIA - 17496

MISC - http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183

BID - 15375

MANDRIVA - MDKSA-2005:208


Last Updated: 27 May 2016 10:38:17