Vulnerability Description
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Esri | Arcsde | 9.2 |
Related Weaknesses (CWE)
References
- http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htmVendor Advisory
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577Broken Link
- http://secunia.com/advisories/26452Broken Link
- http://securitytracker.com/id?1018574Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/25334Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/2911Broken LinkThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36042Third Party AdvisoryVDB Entry
- http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htmVendor Advisory
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577Broken Link
- http://secunia.com/advisories/26452Broken Link
- http://securitytracker.com/id?1018574Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/25334Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/2911Broken LinkThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36042Third Party AdvisoryVDB Entry
FAQ
What is CVE-2007-4278?
CVE-2007-4278 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via ...
How severe is CVE-2007-4278?
CVE-2007-4278 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4278?
Check the references section above for vendor advisories and patch information. Affected products include: Esri Arcsde.