Vulnerability Details : CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2007-1770
- cpe:2.3:a:esri:arcsde:8.3:-:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.0:-:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.1:-:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:8.3:sp1:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:esri:arcsde:9.1:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1770
30.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1770
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-1770
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1770
-
http://secunia.com/advisories/24639
About Secunia Research | FlexeraBroken Link
-
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262
ArcSDE 9.1 Three Tiered Connection Security PatchVendor Advisory
-
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260
ArcSDE 8.3 Three Tiered Connection Security PatchVendor Advisory
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507
Broken Link
-
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261
ArcSDE 9.0 Three Tiered Connection Security PatchVendor Advisory
-
http://www.securityfocus.com/bid/23175
Broken Link;Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33457
ESRI ArcSDE Server service buffer overflow undefined Vulnerability ReportThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33282
ESRI ArcSDE Server three tiered ArcSDE configurations denial of service CVE-2007-1770 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2007/1140
Site en constructionBroken Link;Third Party Advisory
-
http://www.securitytracker.com/id?1017874
GoDaddy Domain Name SearchBroken Link;Third Party Advisory;VDB Entry
Jump to