Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1394

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-1394
Last Modified 05 Sep 2008 04:49:01
Published 03 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1394

Summary

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

Vulnerable Systems

Application

  • Esri Arcgis 9.0

  • Esri Arcinfo Workstation 9.0


References

MISC - http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt

SECTRACK - 1013852

SECUNIA - 15196

CONFIRM - http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015

FULLDISC - 20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities


Last Updated: 27 May 2016 10:40:09