CVE-2007-1770

Esri Arcsde - Buffer Overflow

Title source: rule

Description

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Heretic2 · c++remotewindows

https://www.exploit-db.com/exploits/4146

View Code ZIP pw:eip

References (10)

[Broken Link] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507

[Broken Link] http://secunia.com/advisories/24639

[Vendor Advisory] http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260

[Vendor Advisory] http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261

[Vendor Advisory] http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23175

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017874

[Broken Link, Third Party Advisory] http://www.vupen.com/english/advisories/2007/1140

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33282

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33457

Scores

EPSS 0.2660

EPSS Percentile 96.3%

Details

CWE

CWE-120

Status published

Products (3)

esri/arcsde 8.3 (2 CPE variants)

esri/arcsde 9.0 (3 CPE variants)

esri/arcsde 9.1 (3 CPE variants)

Published Mar 30, 2007

Tracked Since Feb 18, 2026