Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-3479

Published: Aug 25, 2012 | Modified: Dec 13, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
5.1 LOW
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-3479
CWEhttps://cwe.mitre.org/data/definitions/.html

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

Affected Software

Name Vendor Start Version End Version
Emacs Gnu 23.2 (including) 23.2 (including)
Emacs Gnu 23.3 (including) 23.3 (including)
Emacs Gnu 23.4 (including) 23.4 (including)
Emacs Gnu 24.1 (including) 24.1 (including)
Emacs-snapshot Ubuntu hardy *
Emacs-snapshot Ubuntu lucid *
Emacs-snapshot Ubuntu natty *
Emacs21 Ubuntu hardy *
Emacs22 Ubuntu hardy *
Emacs23 Ubuntu devel *
Emacs23 Ubuntu natty *
Emacs23 Ubuntu oneiric *
Emacs23 Ubuntu precise *
Emacs23 Ubuntu quantal *
Emacs23 Ubuntu raring *
Emacs23 Ubuntu saucy *
Emacs23 Ubuntu upstream *
Emacs24 Ubuntu devel *
Emacs24 Ubuntu quantal *
Emacs24 Ubuntu raring *
Emacs24 Ubuntu saucy *
Emacs24 Ubuntu upstream *
Xemacs21 Ubuntu hardy *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use