iDefense Security Advisory 08.15.07 - Remote exploitation of a buffer overflow vulnerability within Environmental Systems Research Institute (ESRI) Inc.'s ArcSDE service allows attackers to crash the service or potentially execute arbitrary code. This vulnerability specifically exists due to insufficient buffer space when representing user-supplied numeric values in ASCII. Certain requests result in an sprintf() call using a static-sized 8 byte stack buffer. If an attacker supplies a number that's ASCII value cannot be represented within 8 bytes, a stack-based buffer overflow occurs. The vendor has confirmed that version 9.2 of ArcSDE, as bundled with ArcGIS, is vulnerable to this attack. All versions are suspected to be vulnerable.
85dddbead8dfc3c87e54bea99eff2fcce5a1965f19503a8ee48cae1507f6c1be