CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4278

HIGH
7.5
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile18.04th
PublishedAug 15, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.

Affected Platforms (CPE)

πŸ“¦
Esri

Arcsde

= 9.2

References & Advisories

πŸ”— http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=577
πŸ”— http://secunia.com/advisories/26452
πŸ”— http://securitytracker.com/id?1018574
πŸ”— http://www.securityfocus.com/bid/25334
πŸ”— http://www.vupen.com/english/advisories/2007/2911
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/36042
πŸ”— http://downloads.esri.com/support/downloads/other_/ArcSDE-92sp3-issues.htm

Related Vulnerabilities

CVE-2007-177010.0

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...