Lucene search

[email protected]CVE-2007-4278

HistoryAug 15, 2007 - 10:17 p.m.

CVE-2007-4278

2007-08-1522:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-4278

esri arcsde

arcgis

buffer overflow

denial of service

remote code execution

nvd

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.093 Low

EPSS

Percentile

94.7%

JSON

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.

CPENameOperatorVersion
esri:arcgisesri arcgiseq*

CPE	Name	Operator	Version
esri:arcgis	esri arcgis	eq	*

References

downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm

labs.idefense.com/intelligence/vulnerabilities/display.php?id=577

secunia.com/advisories/26452

securitytracker.com/id?1018574

www.securityfocus.com/bid/25334

www.vupen.com/english/advisories/2007/2911

exchange.xforce.ibmcloud.com/vulnerabilities/36042

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.093 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2007-4278

prion1 securityvulns1