Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: Emacs, code execution via

September 2008 by Vigil@nce

A local attacker can create the file in order to execute code with privileges of the Emacs user.

- Gravity: 1/4
- Consequences: user access/rights
- Provenance: user shell
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: medium (2/3)
- Creation date: 09/09/2008
- Identifier: VIGILANCE-VUL-8096


- Unix - plateform


The Emacs editor supports the Python language:
- the "run-python" command executes a Python program
- in "eldoc-mode" mode, the command "run-python" is called when a Python file is opened

When "run-python" is executed, the "" configuration file is searched and automatically run. However, this file is first searched in the current directory.

An attacker can therefore create an "" file in a directory, and invite the victim to open a Python file in this same directory, in order to force the code from "" to be executed.


- Identifiers: BID-31052, VIGILANCE-VUL-8096
- Url:

See previous articles


See next articles