Vulnerabilities > CVE-2003-1232 - Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

gnu

exploit available

NVD

Published: 2003-12-31

Updated: 2011-03-08

Summary

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Emacs 21.2.1	1

Exploit-Db

description	Emacs 2.1 Local Variable Arbitrary Command Execution Vulnerability. CVE-2003-1232. Local exploit for linux platform
id	EDB-ID:26492
last seen	2016-02-03
modified	2002-12-31
published	2002-12-31
reporter	Georgi Guninski
source	https://www.exploit-db.com/download/26492/
title	Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References