Paul Ling

**Name of the Vulnerable Software and Affected Versions** Emacs versions 23.2 through 24.1 **Description** The issue allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file, due to the automatic execution of eval forms in local-variable sections when the enable-local-variables option is set to :safe. **Recommendations** For Emacs versions 23.2 through 24.1, consider disabling the automatic execution of eval forms in local-variable sections by setting the enable-local-variables option to a more restrictive value until a patch is available.