CVE-2012-3479

8 documents, 7 sources
Severity
6.8 MEDIUM
EPSS
2.3%
top 15.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 25
Latest update May 17

Description

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: gnu/emacs, 4 versions +3

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-fh9m-xg7x-wmp2: lisp/files (2022-05-17)
CVEList
CVE-2012-3479: lisp/files (2012-08-25)

💥 Exploits & PoCs

1
Exploit-DB
Symantec pcAnywhere - Insecure File Permissions Privilege Escalation (2012-05-02)

📋 Vendor Advisories

2
Ubuntu
Emacs vulnerabilities (2012-09-27)
Red Hat
emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' (2012-08-07)

💬 Community

2
Bugzilla
CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' [fedora-all] (2012-08-13)
Bugzilla
CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' (2012-08-13)
CVE-2012-3479 (MEDIUM CVSS 6.8) | lisp/files.el in Emacs 23.2 | cvebase.io