CVE-2007-4278
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.
Un desbordamiento de búfer en la región stack de la memoria en el proceso giomgr en servicio ESRI ArcSDE versión 9.2, tal y como es usado con ArcGIS, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un número largo que requiere más de 8 bytes para representarlo en ASCII, lo que desencadena un desbordamiento en una llamada de función sprintf.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-08-09 CVE Reserved
- 2007-08-15 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm | X_refsource_confirm | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577 | Third Party Advisory | |
| http://securitytracker.com/id?1018574 | Vdb Entry | |
| http://www.securityfocus.com/bid/25334 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36042 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26452 | 2017-07-29 | |
| http://www.vupen.com/english/advisories/2007/2911 | 2017-07-29 |