[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0035Date: (C)2012-01-19   (M)2023-12-22


Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-47311
SECUNIA-47515
SECUNIA-50801
FEDORA-2012-0462
FEDORA-2012-0494
GLSA-201812-05
MDVSA-2013:076
USN-1586-1
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
http://openwall.com/lists/oss-security/2012/01/10/2
http://openwall.com/lists/oss-security/2012/01/10/4

CPE    31
cpe:/a:gnu:emacs:20.6
cpe:/a:gnu:emacs:22.3
cpe:/a:gnu:emacs:23.2
cpe:/a:gnu:emacs:21.4
...
OVAL    4
oval:org.secpod.oval:def:104086
oval:org.secpod.oval:def:701027
oval:org.secpod.oval:def:103348
oval:org.secpod.oval:def:103387
...

© SecPod Technologies