PT-2012-3425 · Esri · Esri Arcgis+1

Published

2012-07-12

Updated

2024-10-10

CVE-2012-1661

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ESRI ArcMap version 9 ESRI ArcGIS versions 10.0.2.3200 and earlier

Description The issue allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file, due to the software not properly prompting users before executing embedded VBA macros.

Recommendations For ESRI ArcMap version 9, update to a version that properly handles VBA macro execution. For ESRI ArcGIS versions 10.0.2.3200 and earlier, update to a version that properly handles VBA macro execution. As a temporary workaround, consider disabling the execution of embedded VBA macros in ESRI ArcMap and ArcGIS until a patch is available.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2012-1661

Affected Products

Esri Arcgis

Esri Arcmap

PT-2012-3425 · Esri · Esri Arcgis+1

CVE-2012-1661

Weakness Enumeration

Related Identifiers

Affected Products

References · 7