PT-2008-5279 · Gnu · Emacs
Romain Francoise
·
Published
2008-09-22
·
Updated
2017-08-08
·
CVE-2008-3949
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Emacs versions 22.1 through 22.2
Description
The issue allows local users to execute arbitrary code via a Trojan horse Python file. This occurs because emacs/lisp/progmodes/python.el in affected Emacs versions imports Python scripts from the current working directory during the editing of a Python file.
Recommendations
For Emacs versions 22.1 and 22.2, consider disabling the python.el module until a patch is available to prevent the execution of arbitrary code.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emacs