CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Affected Software

Name	Vendor	Start Version	End Version
Cedet	Eric_m_ludlam	*	1.0 (including)
Cedet	Eric_m_ludlam	1.0-beta1 (including)	1.0-beta1 (including)
Cedet	Eric_m_ludlam	1.0-beta2 (including)	1.0-beta2 (including)
Cedet	Eric_m_ludlam	1.0-beta3 (including)	1.0-beta3 (including)
Cedet	Eric_m_ludlam	1.0-pre1 (including)	1.0-pre1 (including)
Cedet	Eric_m_ludlam	1.0-pre2 (including)	1.0-pre2 (including)
Cedet	Eric_m_ludlam	1.0-pre3 (including)	1.0-pre3 (including)
Cedet	Eric_m_ludlam	1.0-pre4 (including)	1.0-pre4 (including)
Cedet	Eric_m_ludlam	1.0-pre6 (including)	1.0-pre6 (including)
Cedet	Eric_m_ludlam	1.0-pre7 (including)	1.0-pre7 (including)
Emacs	Gnu	*	23.3 (including)
Emacs	Gnu	20.0 (including)	20.0 (including)
Emacs	Gnu	20.1 (including)	20.1 (including)
Emacs	Gnu	20.2 (including)	20.2 (including)
Emacs	Gnu	20.3 (including)	20.3 (including)
Emacs	Gnu	20.4 (including)	20.4 (including)
Emacs	Gnu	20.5 (including)	20.5 (including)
Emacs	Gnu	20.6 (including)	20.6 (including)
Emacs	Gnu	20.7 (including)	20.7 (including)
Emacs	Gnu	21 (including)	21 (including)
Emacs	Gnu	21.1 (including)	21.1 (including)
Emacs	Gnu	21.2 (including)	21.2 (including)
Emacs	Gnu	21.2.1 (including)	21.2.1 (including)
Emacs	Gnu	21.3 (including)	21.3 (including)
Emacs	Gnu	21.3.1 (including)	21.3.1 (including)
Emacs	Gnu	21.4 (including)	21.4 (including)
Emacs	Gnu	22.1 (including)	22.1 (including)
Emacs	Gnu	22.2 (including)	22.2 (including)
Emacs	Gnu	22.3 (including)	22.3 (including)
Emacs	Gnu	23.1 (including)	23.1 (including)
Emacs	Gnu	23.2 (including)	23.2 (including)
Emacs	Gnu	23.4 (including)	23.4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-0035
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References