CVE-2005-1394

ArcGIS for ESRI ArcInfo Workstation 9.0 - Privilege Escalation

Title source: llm

Description

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · clocalsolaris

https://www.exploit-db.com/exploits/972

View Code ZIP pw:eip

References (5)

[Mailing List, Third Party Advisory] http://marc.info/?l=full-disclosure&m=111489411524630&w=2

[Vendor Advisory] http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015

[Broken Link] http://secunia.com/advisories/15196

[Patch, Third Party Advisory] http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt

[Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://securitytracker.com/id?1013852

Scores

EPSS 0.0070

EPSS Percentile 72.0%

Details

CWE

CWE-134

Status published

Products (1)

esri/arcinfo_workstation 9.0

Published May 03, 2005

Tracked Since Feb 18, 2026