critical
9.3
Advisory Published
Updated

CVE-2012-0035

First published: Thu Jan 19 2012(Updated: )

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Cedet<=1.0
Cedet=1.0-beta1
Cedet=1.0-beta2
Cedet=1.0-beta3
Cedet=1.0-pre1
Cedet=1.0-pre2
Cedet=1.0-pre3
Cedet=1.0-pre4
Cedet=1.0-pre6
Cedet=1.0-pre7
GNU Emacs<=23.3
GNU Emacs=20.0
GNU Emacs=20.1
GNU Emacs=20.2
GNU Emacs=20.3
GNU Emacs=20.4
GNU Emacs=20.5
GNU Emacs=20.6
GNU Emacs=20.7
GNU Emacs=21
GNU Emacs=21.1
GNU Emacs=21.2
GNU Emacs=21.2.1
GNU Emacs=21.3
GNU Emacs=21.3.1
GNU Emacs=21.4
GNU Emacs=22.1
GNU Emacs=22.2
GNU Emacs=22.3
GNU Emacs=23.1
GNU Emacs=23.2
GNU Emacs=23.4

Remedy

http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html

Remedy

http://openwall.com/lists/oss-security/2012/01/10/2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2012-0035?

    CVE-2012-0035 is considered a high severity vulnerability due to its potential to allow local users to gain elevated privileges.

  • How do I fix CVE-2012-0035?

    To fix CVE-2012-0035, update to a patched version of GNU Emacs or CEDET that addresses this vulnerability.

  • Who is affected by CVE-2012-0035?

    CVE-2012-0035 affects local users of GNU Emacs versions prior to 23.4 and all versions of CEDET prior to 1.0.1.

  • What is the nature of the vulnerability in CVE-2012-0035?

    The vulnerability in CVE-2012-0035 is an untrusted search path issue that can be exploited through a crafted Lisp expression.

  • Can CVE-2012-0035 be exploited remotely?

    No, CVE-2012-0035 can only be exploited locally by users who have access to the affected system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203