CVE-2007-5795

Emacs < 22.1 - Unauthenticated Variable Manipulation via Local Variables Declaration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5795. PoCs published by Drake Wilson.

AI-analyzed exploit summary This exploit leverages a design error in Emacs 22.1 where local variables are improperly handled, allowing arbitrary code execution via a malicious file. The PoC demonstrates how a specially crafted file can modify the user's init file when loaded with 'enable-local-variables' set to :safe.

Description

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Drake Wilson · textremotelinux

https://www.exploit-db.com/exploits/30736

View Code ZIP pw:eip

This exploit leverages a design error in Emacs 22.1 where local variables are improperly handled, allowing arbitrary code execution via a malicious file. The PoC demonstrates how a specially crafted file can modify the user's init file when loaded with 'enable-local-variables' set to :safe.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Emacs 22.1

No auth needed

Prerequisites: Victim must load the malicious file in Emacs with 'enable-local-variables' set to :safe

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19

Core References

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html

Issue Tracking x_refsource_confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27984

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38263

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27728

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0924/references

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3715

Various Sources x_refsource_confirm

http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/42060

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-541-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29420

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:034

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26327

Issue Tracking x_refsource_confirm

http://bugs.gentoo.org/show_bug.cgi?id=197958

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200712-03.xml

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=307562

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27508

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27627

Scores

EPSS 0.0121

EPSS Percentile 79.2%

Details

Status published

Products (1)

gnu/emacs < 22.1

Published Nov 02, 2007

Tracked Since Feb 18, 2026