CVE-2012-3479
Description
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.29
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in GNU Emacs 23.2 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.3 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 23.4 | Windows |
| Multiple Vulnerabilities are affected in GNU Emacs 24.1 | Windows |
| The GNU Emacs editor (with GTK+ user interface) (USN-1586-1) emacs23_23.3+1-1ubuntu9.1_i386.deb | Linux |
| The GNU Emacs editor (with GTK+ user interface) (USN-1586-1) emacs23_23.3+1-1ubuntu9.1_amd64.deb | Linux |
| The GNU Emacs editor (with GTK+ user interface) (USN-1586-1) emacs23-common_23.3+1-1ubuntu9.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234