Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
2012-01-19T15:55:00.943
2025-04-11T00:51:21.963
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eric_m_ludlam | cedet | ≤ 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | eric_m_ludlam | cedet | 1.0 | Yes |
| Application | gnu | emacs | ≤ 23.3 | Yes |
| Application | gnu | emacs | 20.0 | Yes |
| Application | gnu | emacs | 20.1 | Yes |
| Application | gnu | emacs | 20.2 | Yes |
| Application | gnu | emacs | 20.3 | Yes |
| Application | gnu | emacs | 20.4 | Yes |
| Application | gnu | emacs | 20.5 | Yes |
| Application | gnu | emacs | 20.6 | Yes |
| Application | gnu | emacs | 20.7 | Yes |
| Application | gnu | emacs | 21 | Yes |
| Application | gnu | emacs | 21.1 | Yes |
| Application | gnu | emacs | 21.2 | Yes |
| Application | gnu | emacs | 21.2.1 | Yes |
| Application | gnu | emacs | 21.3 | Yes |
| Application | gnu | emacs | 21.3.1 | Yes |
| Application | gnu | emacs | 21.4 | Yes |
| Application | gnu | emacs | 22.1 | Yes |
| Application | gnu | emacs | 22.2 | Yes |
| Application | gnu | emacs | 22.3 | Yes |
| Application | gnu | emacs | 23.1 | Yes |
| Application | gnu | emacs | 23.2 | Yes |
| Application | gnu | emacs | 23.4 | Yes |