CVE-2012-0035
CVE-2012-0035 is a critical-severity vulnerability in Eric M Ludlam Cedet with a CVSS 2.0 base score of 9.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 9.3)
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Eric M Ludlam Cedet
- Published:
- Last modified:
Description
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Frequently asked questions
- What is CVE-2012-0035?
- Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
- How severe is CVE-2012-0035?
- CVE-2012-0035 has a CVSS 2.0 base score of 9.3, rated critical severity.
- Is CVE-2012-0035 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-0035?
- CVE-2012-0035 primarily affects Eric M Ludlam Cedet. In total, 32 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2012-0035?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2012-0035 published?
- CVE-2012-0035 was published on 2012-01-19 and last updated on 2026-06-16.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
- http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
- http://openwall.com/lists/oss-security/2012/01/10/2
- http://openwall.com/lists/oss-security/2012/01/10/4
- http://secunia.com/advisories/47311
- http://secunia.com/advisories/47515
- http://secunia.com/advisories/50801
- http://sourceforge.net/mailarchive/message.php?msg_id=28649762
- http://sourceforge.net/mailarchive/message.php?msg_id=28657612
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
- http://www.ubuntu.com/usn/USN-1586-1
- https://security.gentoo.org/glsa/201812-05
Affected products (32)
- cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*
- cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*