CVE-2007-1770

EPSS 26.6%
Veröffentlicht 30.03.2007 01:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Esri ≫ Arcsde Version8.3 Update-

Esri ≫ Arcsde Version8.3 Updatesp1

Esri ≫ Arcsde Version9.0 Update-

Esri ≫ Arcsde Version9.0 Updatesp1

Esri ≫ Arcsde Version9.0 Updatesp2

Esri ≫ Arcsde Version9.1 Update-

Esri ≫ Arcsde Version9.1 Updatesp1

Esri ≫ Arcsde Version9.1 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	26.6%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507

Broken Link

http://secunia.com/advisories/24639

Broken Link

http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260

Vendor Advisory

http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261

Vendor Advisory

http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262

Vendor Advisory

http://www.securityfocus.com/bid/23175

Third Party Advisory