Vulnerability Description
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Esri | ArcSDE | 8.3 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507 (Broken Link)
- http://secunia.com/advisories/24639 (Broken Link)
- http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID (Vendor Advisory)
- http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID (Vendor Advisory)
- http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID (Vendor Advisory)
- http://www.securityfocus.com/bid/23175 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id?1017874 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2007/1140 (Broken Link; Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33282 (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33457 (Third Party Advisory; VDB Entry)
FAQ
What is CVE-2007-1770?
CVE-2007-1770 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attacke...
How severe is CVE-2007-1770?
CVE-2007-1770 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1770?
Check the references section above for vendor advisories and patch information. Affected products include: Esri ArcSDE.