First published: Sat Aug 25 2012(Updated: )
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Emacs | =23.2 | |
GNU Emacs | =23.3 | |
GNU Emacs | =23.4 | |
GNU Emacs | =24.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-3479 has a moderate severity level, as it allows for arbitrary code execution through user-assisted methods.
CVE-2012-3479 affects users by allowing crafted files to execute arbitrary Emacs Lisp code, compromising the user's environment.
To fix CVE-2012-3479, upgrade to a non-vulnerable version of Emacs that is beyond 24.1.
CVE-2012-3479 affects Emacs versions 23.2, 23.3, 23.4, and 24.1.
CVE-2012-3479 cannot be exploited without user interaction, as it requires the user to open a malicious file.