Lucene search

[email protected]CVE-2005-1394

HistoryMay 03, 2005 - 4:00 a.m.

CVE-2005-1394

2005-05-0304:00:00

[email protected]

web.nvd.nist.gov

cve-2005-1394

arcgis

esri

arcinfo workstation

format string vulnerability

local users

privilege escalation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

Affected configurations

NVD

Node

esriarcgisMatch9.0

esriarcinfo_workstationMatch9.0

CPENameOperatorVersion
esri:arcgisesri arcgiseq9.0
esri:arcinfo_workstationesri arcinfo workstationeq9.0

CPE	Name	Operator	Version
esri:arcgis	esri arcgis	eq	9.0
esri:arcinfo_workstation	esri arcinfo workstation	eq	9.0

References

marc.info/?l=full-disclosure&m=111489411524630&w=2

secunia.com/advisories/15196

securitytracker.com/id?1013852

support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015

www.digitalmunition.com/DMA%5B2005-0425a%5D.txt

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2005-1394

cvelist1 nvd1