CVE-2003-1232

Currently unrated

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 31 December 2003

Summary

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

References

http://groups.google.com/group/gnu.emacs.bug/browse_frm/t...

x_refsource_MISC

http://www.securityfocus.com/bid/15375

vdb-entryx_refsource_BID

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Sep 26, 2005
Vulnerability published
Dec 31, 2003