ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
References
Link | Resource |
---|---|
http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html | Exploit |
http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/ | Exploit |
http://www.exploit-db.com/exploits/19138 | Exploit Third Party Advisory VDB Entry |
http://www.osvdb.org/82986 | Broken Link |
http://www.securitytracker.com/id?1027170 | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html | Exploit |
http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/ | Exploit |
http://www.exploit-db.com/exploits/19138 | Exploit Third Party Advisory VDB Entry |
http://www.osvdb.org/82986 | Broken Link |
http://www.securitytracker.com/id?1027170 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 01:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html - Exploit | |
References | () http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/ - Exploit | |
References | () http://www.exploit-db.com/exploits/19138 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.osvdb.org/82986 - Broken Link | |
References | () http://www.securitytracker.com/id?1027170 - Exploit, Third Party Advisory, VDB Entry |
10 Oct 2024, 14:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.exploit-db.com/exploits/19138 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.osvdb.org/82986 - Broken Link | |
References | () http://www.securitytracker.com/id?1027170 - Exploit, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:esri:arcmap:9.0:*:*:*:*:*:*:* cpe:2.3:a:esri:arcgis:9.0:*:*:*:*:*:*:* |
cpe:2.3:a:esri:arcmap:*:*:*:*:*:*:*:* |
Information
Published : 2012-07-12 21:55
Updated : 2024-11-21 01:37
NVD link : CVE-2012-1661
Mitre link : CVE-2012-1661
CVE.ORG link : CVE-2012-1661
JSON object : View
Products Affected
esri
- arcmap
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')