CVE-2012-0035

Gentoo Linux Security Advisory 201401-31

Severity Score

7.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Una vulnerabilidad de ruta de búsqueda no confiable en EDE en CEDET antes de v1.0.1, tal como se utiliza en GNU Emacs antes de v23.4 y otros productos, permite a usuarios locales conseguir privilegios a través de una expresión Lisp modificada en un archivo Project.ede en el directorio, o en el directorio padre, de un archivo abierto.

Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-07 CVE Reserved
2012-01-19 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
http://openwall.com/lists/oss-security/2012/01/10/4	Mailing List
http://secunia.com/advisories/50801	Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_id=28649762	Mailing List
http://sourceforge.net/mailarchive/message.php?msg_id=28657612	Mailing List

URL	Date	SRC

URL	Date	SRC
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html	2018-12-07
http://openwall.com/lists/oss-security/2012/01/10/2	2018-12-07

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html	2018-12-07
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html	2018-12-07
http://secunia.com/advisories/47311	2018-12-07
http://secunia.com/advisories/47515	2018-12-07
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076	2018-12-07
http://www.ubuntu.com/usn/USN-1586-1	2018-12-07
https://security.gentoo.org/glsa/201812-05	2018-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				<= 1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version " <= 1.0"		-		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		beta1		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		beta2		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		beta3		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre1		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre2		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre3		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre4		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre6		Affected
Eric M Ludlam Search vendor "Eric M Ludlam"		Cedet Search vendor "Eric M Ludlam" for product "Cedet"				1.0 Search vendor "Eric M Ludlam" for product "Cedet" and version "1.0"		pre7		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				<= 23.3 Search vendor "Gnu" for product "Emacs" and version " <= 23.3"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.0 Search vendor "Gnu" for product "Emacs" and version "20.0"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.1 Search vendor "Gnu" for product "Emacs" and version "20.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.2 Search vendor "Gnu" for product "Emacs" and version "20.2"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.3 Search vendor "Gnu" for product "Emacs" and version "20.3"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.4 Search vendor "Gnu" for product "Emacs" and version "20.4"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.5 Search vendor "Gnu" for product "Emacs" and version "20.5"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.6 Search vendor "Gnu" for product "Emacs" and version "20.6"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				20.7 Search vendor "Gnu" for product "Emacs" and version "20.7"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21 Search vendor "Gnu" for product "Emacs" and version "21"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.1 Search vendor "Gnu" for product "Emacs" and version "21.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.2 Search vendor "Gnu" for product "Emacs" and version "21.2"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.2.1 Search vendor "Gnu" for product "Emacs" and version "21.2.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.3 Search vendor "Gnu" for product "Emacs" and version "21.3"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.3.1 Search vendor "Gnu" for product "Emacs" and version "21.3.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				21.4 Search vendor "Gnu" for product "Emacs" and version "21.4"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				22.1 Search vendor "Gnu" for product "Emacs" and version "22.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				22.2 Search vendor "Gnu" for product "Emacs" and version "22.2"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				22.3 Search vendor "Gnu" for product "Emacs" and version "22.3"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.1 Search vendor "Gnu" for product "Emacs" and version "23.1"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.2 Search vendor "Gnu" for product "Emacs" and version "23.2"		-		Affected
Gnu Search vendor "Gnu"		Emacs Search vendor "Gnu" for product "Emacs"				23.4 Search vendor "Gnu" for product "Emacs" and version "23.4"		-		Affected