| ID |
CVE-2012-3479
|
| Summary |
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
-
cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.8 (as of 13-12-2013 - 05:03) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 54969 | | confirm | http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 | | debian | DSA-2603 | | mandriva | MDVSA-2013:076 | | mlist | - [oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables
- [oss-security] 20120813 Security flaw in GNU Emacs file-local variables
| | sectrack | 1027375 | | secunia | | | slackware | SSA:2012-228-02 | | suse | openSUSE-SU-2012:1348 | | ubuntu | USN-1586-1 |
|
| Last major update |
13-12-2013 - 05:03 |
| Published |
25-08-2012 - 10:29 |
| Last modified |
13-12-2013 - 05:03 |
