Emacs Vulnerability Allows Execution of Arbitrary Commands via Local Variables
CVE-2003-1232

Currently unrated

Key Information:

Vendor: GNU

CVE Published: 31 December 2003

What is CVE-2003-1232?

Emacs version 21.2.1 does not prompt the user before executing Lisp code specified in the local variables section of a text file. This allows user-assisted attackers to run arbitrary commands without the user's knowledge. The risk arises from variables such as mode-name, whose values a file can set through this section. As a result, a user who opens a specially crafted text file may expose the system to unauthorized actions.
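A triage check for the file feature described above, as an added example (not from the CVE record or the Emacs project): it lists what a file's trailing Local Variables block would set, so the entries can be reviewed before the file is opened. It covers only the end-of-file block; the `REVIEW_NAMES` set, the leading-parenthesis heuristic and the sample text are assumptions made for this example.

```python
TAIL_CHARS = 3000  # Emacs looks for the block only near the end of the file
MARKER = "local variables:"
# Assumption for this example: names that always get a manual look.
# mode-name is the variable the CVE text names; eval is Emacs's "evaluate" entry.
REVIEW_NAMES = {"mode-name", "eval"}


def local_variables(text):
    """Return [(name, value)] from the trailing 'Local Variables:' block."""
    tail = text[-TAIL_CHARS:]
    # Matched case-insensitively here, to err on the side of finding the block.
    start = tail.lower().rfind(MARKER)
    if start == -1:
        return []
    line_start = tail.rfind("\n", 0, start) + 1
    prefix = tail[line_start:start].strip()      # e.g. a comment leader "#"
    lines = tail[start + len(MARKER):].splitlines()
    suffix = lines[0].strip() if lines else ""   # e.g. a comment closer "*/"
    found = []
    for raw in lines[1:]:
        body = raw.strip()
        if not (body.startswith(prefix) and body.endswith(suffix)):
            break  # line does not fit the block; keep what was parsed so far
        body = body[len(prefix):len(body) - len(suffix)].strip()
        name, sep, value = body.partition(":")
        if not sep or name.strip().lower() == "end":
            break
        found.append((name.strip(), value.strip()))
    return found


def needs_review(text):
    """Entries to inspect by hand: listed names, or values shaped like Lisp lists."""
    return [(n, v) for n, v in local_variables(text)
            if n.lower() in REVIEW_NAMES or v.lstrip("'`").startswith("(")]


# Constructed sample file content; the list value is an inert placeholder.
SAMPLE = (
    "Meeting notes\n\n"
    "# Local Variables:\n"
    "# fill-column: 72\n"
    "# mode-name: (constructed-placeholder)\n"
    "# End:\n"
)

if __name__ == "__main__":
    for name, value in needs_review(SAMPLE):
        print(f"review before opening: {name} = {value}")
```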

EPSS Score

6% chance of being exploited in the next 30 days.
