Vulnerability Description
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Emacs | 21.3.1 |
| Gnu | Xemacs | All versions |
References
- http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
- http://secunia.com/advisories/30199
- http://secunia.com/advisories/30216
- http://secunia.com/advisories/30303
- http://secunia.com/advisories/30581
- http://secunia.com/advisories/30827
- http://secunia.com/advisories/34004
- http://security.gentoo.org/glsa/glsa-200902-06.xml
- http://thread.gmane.org/gmane.emacs.devel/96903Exploit
- http://tracker.xemacs.org/XEmacs/its/issue378
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:153
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:154
- http://www.securityfocus.com/archive/1/492657/100/0/threaded
FAQ
What is CVE-2008-2142?
CVE-2008-2142 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary c...
How severe is CVE-2008-2142?
CVE-2008-2142 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2142?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Emacs, Gnu Xemacs.