CVE-2012-3479

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

lisp/files.el en Emacs v23.2, v23.3, v23.4, y v24.1 ejecuta automáticamente formularios eval en secciones local-variable cuando la opcion en las secciones de variable local cuando la opción enable-local-variables está establecida en :safe, lo que permite a atacantes remotos asistidos por el usuario ejecutar código Emacs Lisp de su elección en un archivo modificado.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-06-14 CVE Reserved
2012-08-17 CVE Published
2024-03-25 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155	X_refsource_confirm
http://secunia.com/advisories/50801	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/08/13/2	Mailing List
http://www.securityfocus.com/bid/54969	Vdb Entry
http://www.securitytracker.com/id?1027375	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2012/08/13/1	2013-12-13

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html	2013-12-13
http://secunia.com/advisories/50157	2013-12-13
http://www.debian.org/security/2013/dsa-2603	2013-12-13
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076	2013-12-13
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.420006	2013-12-13
http://www.ubuntu.com/usn/USN-1586-1	2013-12-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.2 Search vendor "Gnu" for product "Emacs" and version "23.2"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.3 Search vendor "Gnu" for product "Emacs" and version "23.3"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.4 Search vendor "Gnu" for product "Emacs" and version "23.4"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				24.1 Search vendor "Gnu" for product "Emacs" and version "24.1"		-		Affected