CVE-2012-1661
ESRI ArcMap < 10.0.2.3200 - Arbitrary VBA Code Execution via Crafted Map File
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1661. PoCs published by Boston Cyber Defense.
AI-analyzed exploit summary This exploit leverages a flaw in ESRI ArcMap's handling of embedded VBA macros in .mxd files, allowing arbitrary code execution without user prompt. The PoC demonstrates execution of shell commands via a crafted macro.
Description
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
Exploits (1)
This exploit leverages a flaw in ESRI ArcMap's handling of embedded VBA macros in .mxd files, allowing arbitrary code execution without user prompt. The PoC demonstrates execution of shell commands via a crafted macro.