Format String Vulnerability in ESRI ArcGIS for ArcInfo Workstation
CVE-2005-1394

Currently unrated

Key Information:

Vendor: Esri
Status: Arcinfo Workstation; Arcgis
Vendor: CVE Published:; 3 May 2005

What is CVE-2005-1394?

A format string vulnerability exists in ESRI ArcGIS for ArcInfo Workstation 9.0, which could allow local users to exploit format string specifiers in the ARCHOME environment variable. This vulnerability impacts components such as wservice and lockmgr. Successful exploitation allows attackers to execute arbitrary code, potentially leading to privilege escalation and unauthorized access to sensitive functionalities within the affected application.

References

http://marc.info/?l=full-disclosure&m=111489411524630&w=2

mailing-listx_refsource_FULLDISC

http://support.esri.com/index.cfm?fa=downloads.patchesSer...

x_refsource_CONFIRM

http://secunia.com/advisories/15196

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 3, 2005
Vulnerability Reserved
May 2, 2005

Esri

What is CVE-2005-1394?

References

Timeline