CVE-2012-3479
Gentoo Linux Security Advisory 201403-05
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
lisp/files.el en Emacs v23.2, v23.3, v23.4, y v24.1 ejecuta automáticamente formularios eval en secciones local-variable cuando la opcion en las secciones de variable local cuando la opción enable-local-variables está establecida en :safe, lo que permite a atacantes remotos asistidos por el usuario ejecutar código Emacs Lisp de su elección en un archivo modificado.
Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-06-14 CVE Reserved
- 2012-08-25 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 | X_refsource_confirm | |
| http://secunia.com/advisories/50801 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2012/08/13/2 | Mailing List |
|
| http://www.securityfocus.com/bid/54969 | Vdb Entry | |
| http://www.securitytracker.com/id?1027375 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/08/13/1 | 2013-12-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Emacs Search vendor "Gnu" for product "Emacs" | 23.2 Search vendor "Gnu" for product "Emacs" and version "23.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Emacs Search vendor "Gnu" for product "Emacs" | 23.3 Search vendor "Gnu" for product "Emacs" and version "23.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Emacs Search vendor "Gnu" for product "Emacs" | 23.4 Search vendor "Gnu" for product "Emacs" and version "23.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Emacs Search vendor "Gnu" for product "Emacs" | 24.1 Search vendor "Gnu" for product "Emacs" and version "24.1" | - |
Affected
| ||||||