CVE-2008-2142 - Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with o

CVE-2008-2142

Summary

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

References

Vulnerable Configurations

cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:xemacs:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:xemacs:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2018 - 20:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	29176
bugtraq	20080527 rPSA-2008-0177-1 emacs emacs-leim
confirm	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177 https://bugs.gentoo.org/show_bug.cgi?id=221197 https://issues.rpath.com/browse/RPL-2529
fedora	FEDORA-2008-5446 FEDORA-2008-5504
gentoo	GLSA-200902-06
mandriva	MDVSA-2008:153 MDVSA-2008:154
misc	http://thread.gmane.org/gmane.emacs.devel/96903 http://tracker.xemacs.org/XEmacs/its/issue378
mlist	[emacs-devel] 20080510 [mwelinder@bogus.example.com: Emacs security bug]
sectrack	1020019
secunia	30199 30216 30303 30581 30827 34004
suse	SUSE-SR:2008:012
vupen	ADV-2008-1539 ADV-2008-1540
xf	xemacs-gnuemacs-flc-code-execution(42362)

Last major update

11-10-2018 - 20:39

Published

12-05-2008 - 19:20

Last modified

11-10-2018 - 20:39