From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: seb@k-7.ch (=?utf-8?Q?S=C3=A9bastien?= Gendre) Newsgroups: gmane.emacs.help Subject: Exploit in Emacs Date: Sat, 05 Jan 2019 00:37:11 +0100 Message-ID: <87y380kna0.fsf@k-7.ch> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Trace: blaine.gmane.org 1546644940 9245 195.159.176.226 (4 Jan 2019 23:35:40 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 4 Jan 2019 23:35:40 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Sat Jan 05 00:35:36 2019 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from listsout.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gfZ03-0002Eh-4S for geh-help-gnu-emacs@m.gmane.org; Sat, 05 Jan 2019 00:35:35 +0100 Original-Received: from localhost ([127.0.0.1]:44594 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gfZ29-0007Ze-56 for geh-help-gnu-emacs@m.gmane.org; Fri, 04 Jan 2019 18:37:45 -0500 Original-Received: from eggsout.gnu.org ([209.51.188.92]:41895 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gfZ1j-0007ZT-C9 for help-gnu-emacs@gnu.org; Fri, 04 Jan 2019 18:37:20 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gfZ1g-0004CI-5D for help-gnu-emacs@gnu.org; Fri, 04 Jan 2019 18:37:19 -0500 Original-Received: from 50-102-31-185.ftth.cust.kwaoo.net ([185.31.102.50]:55976 helo=k-7.ch) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gfZ1f-0004BX-SU for help-gnu-emacs@gnu.org; Fri, 04 Jan 2019 18:37:16 -0500 Original-Received: from escaflown (Alfred.lan [192.168.1.1]) by k-7.ch (OpenSMTPD) with ESMTPSA id a1f07282 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Fri, 4 Jan 2019 23:37:12 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 185.31.102.50 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:119078 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello everyone. Some minutes ago I found this video about an exploit in Emacs: https://www.youtube.com/watch?v=3DkBidbz3Oohw The effect of the exploit is, apparently: When you open a file, Emacs run some embedded ELISP code without asking you anything. On the video, the exploit is called "emacs_enriched" and the description said: Emacs Enriched Mime-type Handle Arbitrary ELISP Execution I didn't find anything more about the exploit itself. It's seems to be provided by a paying and proprietary software named "Immunity canvas". Did this exploit has got already reported? Best regards =2D------ S=C3=A9b GPG ID: 4DFC 4DE5 19B9 D13C --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEaA9vw9ypVj1kP0tAtYb3x3I54p4FAlwv7igACgkQtYb3x3I5 4p6bLxAAk6/PNUdh+yio5U91sJb79IPOtEoCX+8jFqLeUHHXHsy0WfFEOj8LYfEA a+dnNntgQ0zMpyhwep8W0LYMFWC4Lc1NPaAigFPNxoK7cJPyUq4PkuVl0HrIsAud 4JWBgeByi7WzsOx3GhEVe3ZzJE6lDfJvpnLlqbahgB3BJ1AHTwPUAdz/Ll53xNyT cjoAIq7QLa1qWG0KtcNJl1cJNufue3Kk1kKWLFSANbMs0hdGEsV4VxAjn+dJIu1H fKGckmuvAfa0zZCsO7J6Ee2t+qCXTsauq4ThJ6SrpvnAErqm2FrdiwgyfO4aCUFx VpyXlF8Kz4IE6NqiBgeScBPQ3/Csde2P32v4k+cViroURxI+m4rS2nS6cq5zYUT/ rmZzNnuzB5HDGhO9B3T7GxEcYszS/uj9n8+z/KrLVaLtyvXjIqHrGyerUQheBExF TAhY+0iA8ujB9kdI6NJFRlgkxud8WZuIGY3suLGPrz5B7nErdZtTViNgNjYsG7nH me+R+zvFWYfOCug1/QjPvJfhKkmo8z1a1gjWacf57zX5Avg2Gc7cbgxx7zFt48Vj DXLZ7vrgv3wapwP354Hu8Iq2QPhnegcSMObs2hkIgv854nyYPFXV+l4jhSKVAggS izAudZlLZwvcZYUqSu6wIj5j10GXRFh96iSg28QUeE9rJ8n53MU= =ZoZ4 -----END PGP SIGNATURE----- --=-=-=--