Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
References
Link | Resource |
---|---|
http://marc.info/?l=full-disclosure&m=111489411524630&w=2 | Mailing List Third Party Advisory |
http://secunia.com/advisories/15196 | Broken Link |
http://securitytracker.com/id?1013852 | Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory |
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 | Vendor Advisory |
http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt | Patch Third Party Advisory |
Configurations
History
11 Jul 2024, 18:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-134 | |
CPE | ||
References | () http://marc.info/?l=full-disclosure&m=111489411524630&w=2 - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/15196 - Broken Link | |
References | () http://securitytracker.com/id?1013852 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 - Vendor Advisory | |
References | () http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt - Patch, Third Party Advisory |
Information
Published : 2005-05-03 04:00
Updated : 2024-07-11 18:03
NVD link : CVE-2005-1394
Mitre link : CVE-2005-1394
CVE.ORG link : CVE-2005-1394
JSON object : View
Products Affected
esri
- arcinfo_workstation
CWE
CWE-134
Use of Externally-Controlled Format String