- Description
- Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18656642-C693-4BFD-A708-BCBFB5965C2C",
"versionEndIncluding": "20.0"
},
{
"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10"
},
{
"criteria": "cpe:2.3:a:gnu:xemacs:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C335DC66-8037-4457-942A-9F6B83333BAF",
"versionEndIncluding": "21.4"
}
],
"operator": "OR"
}
]
}
]