ID CVE-2005-1394
Summary Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
References
Vulnerable Configurations
  • cpe:2.3:a:esri:arcgis:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:esri:arcinfo_workstation:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 18-10-2016 - 03:19)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
fulldisc 20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities'
misc http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt
sectrack 1013852
secunia 15196
Last major update 18-10-2016 - 03:19
Published 03-05-2005 - 04:00
Last modified 18-10-2016 - 03:19