2 matches found
CVE-2012-3479
CVE-2012-3479 affects GNU Emacs up to version 24.1, where lisp/files.el can trigger eval forms in local-variable sections when enable-local-variables is set to :safe. This permits a remote attacker-curated file to execute arbitrary Emacs Lisp code. Multiple advisories and NASL/Gentoo/OpenVAS entr...
CVE-2012-3479
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file...