logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2017-14482

Description

A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. #### Mitigation This issue can be mitigated by adding the following lines to the Emacs init file (for example ~/.emacs, ~/emacs.d/init.el, site-start.el) and avoiding options that would bypass normal initialization, like 'emacs -Q': ;; Mitigate CVE-2017-14482 in Emacs 25.2 and earlier (require 'enriched) (defun enriched-decode-display-prop (start end &optional param) (list start end))


Related