7.2 High
AI Score
Confidence
Low
6.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:C/A:C
0.001 Low
EPSS
Percentile
38.1%
Drake Wilson discovered that Emacs did not correctly handle the safe
mode of “enable-local-variables”. If a user were tricked into opening
a specially crafted file while “enable-local-variables” was set to the
non-default “:safe”, a remote attacker could execute arbitrary commands
with the user’s privileges.