CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1770

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile31.92th
PublishedMar 30, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

Affected Platforms (CPE)

πŸ“¦
Esri

Arcsde

= 8.3
πŸ“¦
Esri

Arcsde

= 8.3
πŸ“¦
Esri

Arcsde

= 9.0
πŸ“¦
Esri

Arcsde

= 9.0
πŸ“¦
Esri

Arcsde

= 9.0
πŸ“¦
Esri

Arcsde

= 9.1
πŸ“¦
Esri

Arcsde

= 9.1
πŸ“¦
Esri

Arcsde

= 9.1

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=507
πŸ”— http://secunia.com/advisories/24639
πŸ”— http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1260
πŸ”— http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1261
πŸ”— http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=19&MetaID=1262
πŸ”— http://www.securityfocus.com/bid/23175
πŸ”— http://www.securitytracker.com/id?1017874
πŸ”— http://www.vupen.com/english/advisories/2007/1140

Related Vulnerabilities

CVE-2007-42787.5

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to caus...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...