Fluid Attacks Database

Description

A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	emacs	<1:24.3-20.el7_4	1:24.3-20.el7_4
rpm rhel6	emacs	-	-
rpm rhel5	emacs	-	-

Aliases

1. CVE-2017-144822. NVD-2017-144823. OSV-2017-14482

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.