CVE-2012-3479

2012-08-2510:29:51

redhat

web.nvd.nist.gov

cve-2012-3479

emacs 23.2

emacs 23.3

emacs 23.4

emacs 24.1

user-assisted remote attack

arbitrary code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.013

Percentile

86.0%

JSON

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

Affected configurations

Nvd

Node

gnuemacsMatch23.2

gnuemacsMatch23.3

gnuemacsMatch23.4

gnuemacsMatch24.1

VendorProductVersionCPE
gnuemacs23.2cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
gnuemacs23.3cpe:2.3:a:gnu:emacs:23.3:*:*:*:*:*:*:*
gnuemacs23.4cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
gnuemacs24.1cpe:2.3:a:gnu:emacs:24.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	emacs	23.2	cpe:2.3:a:gnu:emacs:23.2:::::::*
gnu	emacs	23.3	cpe:2.3:a:gnu:emacs:23.3:::::::*
gnu	emacs	23.4	cpe:2.3:a:gnu:emacs:23.4:::::::*
gnu	emacs	24.1	cpe:2.3:a:gnu:emacs:24.1:::::::*