CVE-2012-1661

Name of the Vulnerable Software and Affected Versions ESRI ArcMap version 9 ESRI ArcGIS versions 10.0.2.3200 and earlier

Description The issue allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file, due to the software not properly prompting users before executing embedded VBA macros.

Recommendations For ESRI ArcMap version 9, update to a version that properly handles VBA macro execution. For ESRI ArcGIS versions 10.0.2.3200 and earlier, update to a version that properly handles VBA macro execution. As a temporary workaround, consider disabling the execution of embedded VBA macros in ESRI ArcMap and ArcGIS until a patch is available.