Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3479

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-3479
Last Modified 13 Dec 2013 12:03:02
Published 25 Aug 2012 06:29:51
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3479

Summary

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

Vulnerable Systems

Application

  • Gnu Emacs 23.2

  • Gnu Emacs 23.3

  • Gnu Emacs 23.4

  • Gnu Emacs 24.1


References

SLACKWARE - SSA:2012-228-02

SECTRACK - 1027375

BID - 54969

MLIST - [oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables

MLIST - [oss-security] 20120813 Security flaw in GNU Emacs file-local variables

SECUNIA - 50157

CONFIRM - http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

UBUNTU - USN-1586-1

SUSE - openSUSE-SU-2012:1348

DEBIAN - DSA-2603

SECUNIA - 50801

MANDRIVA - MDVSA-2013:076


Last Updated: 27 May 2016 11:00:19