CVE-2012-0035

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/mailarchive/message.php?msg_id=28657612", "name": "[cedet-devel] 20120111 CEDET 1.0.1 available online", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/47311", "name": "47311", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://sourceforge.net/mailarchive/message.php?msg_id=28649762", "name": "[cedet-devel] 20120109 Security flaw in EDE", "tags": [], "refsource": "MLIST"}, {"url": "http://openwall.com/lists/oss-security/2012/01/10/2", "name": "[oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://openwall.com/lists/oss-security/2012/01/10/4", "name": "[oss-security] 20120109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability", "tags": [], "refsource": "MLIST"}, {"url": "http://secunia.com/advisories/47515", "name": "47515", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html", "name": "[emacs-devel] 20120109 Security flaw in EDE; new release plans", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html", "name": "FEDORA-2012-0494", "tags": [], "refsource": "FEDORA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html", "name": "FEDORA-2012-0462", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.ubuntu.com/usn/USN-1586-1", "name": "USN-1586-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/50801", "name": "50801", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:076", "name": "MDVSA-2013:076", "tags": [], "refsource": "MANDRIVA"}, {"url": "https://security.gentoo.org/glsa/201812-05", "name": "GLSA-201812-05", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-0035", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2012-01-19T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "23.3"}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0"}, {"cpe23Uri": "cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-12-07T11:29Z"}