CVE-2012-0035

EUVD-2012-0075
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
eric_m_ludlamcedet
𝑥
≤ 1.0
eric_m_ludlamcedet
1.0:beta1
eric_m_ludlamcedet
1.0:beta2
eric_m_ludlamcedet
1.0:beta3
eric_m_ludlamcedet
1.0:pre1
eric_m_ludlamcedet
1.0:pre2
eric_m_ludlamcedet
1.0:pre3
eric_m_ludlamcedet
1.0:pre4
eric_m_ludlamcedet
1.0:pre6
eric_m_ludlamcedet
1.0:pre7
gnuemacs
𝑥
≤ 23.3
gnuemacs
20.0
gnuemacs
20.1
gnuemacs
20.2
gnuemacs
20.3
gnuemacs
20.4
gnuemacs
20.5
gnuemacs
20.6
gnuemacs
20.7
gnuemacs
21.1
gnuemacs
21.2
gnuemacs
21.2.1
gnuemacs
21.3
gnuemacs
21.3.1
gnuemacs
21.4
gnuemacs
22.1
gnuemacs
22.2
gnuemacs
22.3
gnuemacs
23.1
gnuemacs
23.2
gnuemacs
23.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cedet
hardy
ignored
lucid
ignored
maverick
ignored
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
emacs22
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
emacs23
hardy
dne
lucid
not-affected
maverick
not-affected
natty
ignored
oneiric
Fixed 23.3+1-1ubuntu4.1
released
precise
Fixed 23.3+1-1ubuntu9.1
released
quantal
not-affected
raring
not-affected
saucy
not-affected
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
http://openwall.com/lists/oss-security/2012/01/10/2
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311
http://secunia.com/advisories/47515
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
http://openwall.com/lists/oss-security/2012/01/10/2
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311
http://secunia.com/advisories/47515
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05