CVE-2007-5795
Summary
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
- MEDIUM
- LOCAL
- NONE
- COMPLETE
- NONE
- COMPLETE
References
Advisory Timeline
- Published