CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
86.0%
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes
eval forms in local-variable sections when the enable-local-variables
option is set to :safe, which allows user-assisted remote attackers to
execute arbitrary Emacs Lisp code via a crafted file.
Author | Note |
---|---|
jdstrand | per upstream, 23.1 and earlier not affected |
mdeslaur | natty is too close to EoL to be worth difficult backport, ignoring |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.10 | noarch | emacs23 | < 23.3+1-1ubuntu4.1 | UNKNOWN |
ubuntu | 12.04 | noarch | emacs23 | < 23.3+1-1ubuntu9.1 | UNKNOWN |
ubuntu | 12.10 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
ubuntu | 13.04 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
ubuntu | 13.10 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
ubuntu | 12.10 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |
ubuntu | 13.04 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |
ubuntu | 13.10 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |