CVE-2005-1394

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
Configurations

Configuration 1 (hide)

cpe:2.3:a:esri:arcinfo_workstation:9.0:*:*:*:*:*:*:*

History

11 Jul 2024, 18:03

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-134
CPE cpe:2.3:a:esri:arcgis:9.0:*:*:*:*:*:*:*
References () http://marc.info/?l=full-disclosure&m=111489411524630&w=2 - () http://marc.info/?l=full-disclosure&m=111489411524630&w=2 - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/15196 - Vendor Advisory () http://secunia.com/advisories/15196 - Broken Link
References () http://securitytracker.com/id?1013852 - Patch, Vendor Advisory () http://securitytracker.com/id?1013852 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 - () http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015 - Vendor Advisory
References () http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt - Patch () http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt - Patch, Third Party Advisory

Information

Published : 2005-05-03 04:00

Updated : 2024-07-11 18:03


NVD link : CVE-2005-1394

Mitre link : CVE-2005-1394

CVE.ORG link : CVE-2005-1394


JSON object : View

Products Affected

esri

  • arcinfo_workstation
CWE
CWE-134

Use of Externally-Controlled Format String