Untrusted Search Path Vulnerability in CEDET in GNU Emacs
CVE-2012-0035

Currently unrated

Key Information:

Vendor: Gnu
Status: Emacs; Cedet
Vendor: CVE Published:; 19 January 2012

Summary

The vulnerability present in the CEDET component of GNU Emacs allows local users to exploit a crafted Lisp expression in a Project.ede file, located in the same directory or a parent directory of an opened file. This issue can lead to unauthorized privilege escalation, providing attackers with the ability to execute malicious code under the context of the running user.

References

http://openwall.com/lists/oss-security/2012/01/10/2

mailing-listx_refsource_MLIST

http://sourceforge.net/mailarchive/message.php?msg_id=286...

mailing-listx_refsource_MLIST

http://secunia.com/advisories/47311

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 19, 2012
Vulnerability Reserved
Dec 7, 2011