First published: Fri Mar 30 2007(Updated: )
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Esri ArcGIS | <=9.2 | |
ESRI ArcSDE | =8.3 | |
ESRI ArcSDE | =8.3-sp1 | |
ESRI ArcSDE | =9.0 | |
ESRI ArcSDE | =9.0-sp1 | |
ESRI ArcSDE | =9.0-sp2 | |
ESRI ArcSDE | =9.1 | |
ESRI ArcSDE | =9.1-sp1 | |
ESRI ArcSDE | =9.1-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-1770 is classified as a critical vulnerability that can lead to remote code execution and denial of service.
To address CVE-2007-1770, users should update ArcGIS to version 9.2 Service Pack 2 or later.
CVE-2007-1770 affects the ArcSDE service (giomgr) in ESRI ArcGIS and ArcSDE versions prior to 9.2 Service Pack 2.
Yes, CVE-2007-1770 can be exploited by remote attackers to execute arbitrary code.
The vulnerable versions include ESRI ArcGIS before 9.2 Service Pack 2 and specific versions of ArcSDE, such as 8.3, 9.0, and 9.1.