CVE-2012-0035

Severity

93%

Complexity

86%

Confidentiality

165%

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 13 years ago

2012-01-19 15:55:00

Last updated 6 years ago

2018-12-07 11:29:00

Affected Software

Eric M. Ludlam CEDET 1.0beta1

1.0

Eric M. Ludlam CEDET 1.0beta2

1.0

Eric M. Ludlam CEDET 1.0beta3

1.0

Eric M. Ludlam CEDET 1.0pre1

1.0

Eric M. Ludlam CEDET 1.0pre2

1.0

Eric M. Ludlam CEDET 1.0pre3

1.0

Eric M. Ludlam CEDET 1.0pre4

1.0

Eric M. Ludlam CEDET 1.0pre6

1.0

Eric M. Ludlam CEDET 1.0pre7

1.0

GNU Emacs 20.0

20.0

GNU GNU Emacs 20.1

20.1

GNU GNU Emacs 20.2

20.2

GNU GNU Emacs 20.3

20.3

GNU Emacs 20.4

20.4

GNU GNU Emacs 20.5

20.5

GNU GNU Emacs 20.6

20.6

GNU Emacs 20.7

20.7

GNU Emacs 21

21

GNU Emacs 21.1

21.1

GNU Emacs 21.2

21.2

GNU Emacs 21.2.1

21.2.1

GNU Emacs 21.3

21.3

GNU Emacs 21.3.1

21.3.1

GNU Emacs 21.4

21.4

GNU Emacs 22.1

22.1

GNU Emacs 22.2

22.2

GNU Emacs 22.3

22.3

GNU Emacs 23.1

23.1

GNU Emacs 23.2

23.2

GNU Emacs

GNU Emacs 23.4

23.4

References

FEDORA-2012-0462

FEDORA-2012-0494

[emacs-devel] 20120109 Security flaw in EDE; new release plans

Patch

[oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

Patch

[oss-security] 20120109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

47311

Vendor Advisory

47515

Vendor Advisory

50801

[cedet-devel] 20120109 Security flaw in EDE

[cedet-devel] 20120111 CEDET 1.0.1 available online

MDVSA-2013:076

USN-1586-1

GLSA-201812-05

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.