Vulnerabilities > CVE-2005-1394 - Unspecified vulnerability in Esri Arcgis and Arcinfo Workstation

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

esri

exploit available

NVD

Published: 2005-05-03

Updated: 2016-10-18

Summary

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

Vulnerable Configurations

Part	Description	Count
Application	Esri Esri Arcgis 9.0 Esri Arcinfo Workstation 9.0	2

Exploit-Db

description	Solaris 10.x ESRI Arcgis Local Root Format String Exploit. CVE-2005-1394. Local exploit for solaris platform
id	EDB-ID:972
last seen	2016-01-31
modified	2005-04-30
published	2005-04-30
reporter	Kevin Finisterre
source	https://www.exploit-db.com/download/972/
title	Solaris 10.x ESRI Arcgis Local Root Format String Exploit

Summary

Vulnerable Configurations

Exploit-Db

References