Vulnerability Details : CVE-2012-0035
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Products affected by CVE-2012-0035
- cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0035
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0035
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-0035
-
https://security.gentoo.org/glsa/201812-05
EDE: Privilege escalation (GLSA 201812-05) — Gentoo security
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
[SECURITY] Fedora 16 Update: emacs-23.3-9.fc16
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
[SECURITY] Fedora 15 Update: emacs-23.3-8.fc15
-
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
Security flaw in EDE; new release plansPatch
-
http://openwall.com/lists/oss-security/2012/01/10/2
oss-security - CVE Request: CEDET/Emacs global-ede-mode file loading vulnerabilityPatch
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
mandriva.com
-
http://openwall.com/lists/oss-security/2012/01/10/4
oss-security - Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability
-
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
CEDET / [CEDET-devel] CEDET 1.0.1 available online
-
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
CEDET / [CEDET-devel] Security flaw in EDE
-
http://www.ubuntu.com/usn/USN-1586-1
USN-1586-1: Emacs vulnerabilities | Ubuntu security notices
Jump to