CVE-2012-1661

Sažetak

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.

Reference

http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html
http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/
http://www.exploit-db.com/exploits/19138
http://www.osvdb.org/82986
http://www.securitytracker.com/id?1027170

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-07-2012 - 04:00

Objavljeno

12-07-2012 - 21:55