CVE-2012-1661
published 2012-07-12
Priority: P262 · critical · CVSS 2.0: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 23.83% (97.5th percentile)
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| esri | arcmap | <= 10.0.2.3200 | — |
Detection & IOCs
command: `Shell "cmd /c start http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661.htm", vbNormalFocus`
- Detect execution of the VBA macro event handler MxDocument_OpenDocument in ArcMap/ArcGIS .mxd files, which fires automatically on document open without user prompt (the exploit entry point).
- Flag .mxd files received via email or downloaded from the internet for VBA macro content inspection, as these files are not filtered by email systems and can carry embedded malicious macros.
- Monitor for child processes (e.g., cmd.exe, calc.exe, or browser processes) spawned by ArcMap or ArcGIS Desktop processes, which would indicate Shell() execution from an embedded VBA macro.
- Affected versions include ArcMap 9, ArcGIS Desktop 10.0 (build 10.0.1.2800, SP1) and ArcGIS Desktop 10.0 (build 10.0.2.3200, SP2) and earlier; additional versions may also be affected.
No detection rules found.
Exploit-DB
CVE-2012-6470 Opera Web Browser 12.11 - Crash (PoC)
exploitdb · 2012-12-03
---
Title : Opera Web Browser 12.11 WriteAV Vulnerability
Version : 12.11 Build 1661 and 12.12
Date : 2012-12-03
Vendor : http://www.opera.com/
Impact : High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
tested : windows XP SP3
Author : coolkaveh
#####################################################################################################################
Opera is a web browser and Internet suite developed by Opera Software with over 270 million users worldwide.
The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail
Messages, managing contacts, chatting on IRC, downloading files via BitTorrent, and reading web feeds. Opera is
Offered free of charge for personal computers and
Exploit-DB
CVE-2012-1661 [CRITICAL] ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution
exploitdb · 2012-06-14 · CVSS 9.3
---
TITLE
ESRI ArcMap Arbitrary Code Execution Via Crafted Map File
Description:
Opening a specially crafted mxd file will execute arbitrary
code without prompting and without a crash of the application.
This is due to a flaw in the program's ability to prompt a user
before executing embedded VBA. Mxd files are not filtered by
email systems so this allows a remote attacker to trick a user
into opening a map file via email and unknowingly gain control
over their system.
Versions affected (maybe more):
ArcMap 9
ArcGIS Desktop 10
Release Version: 10.0
Product Version: 10.0.1.2800
ArcGIS Service Pack: 1 (build 10.0.1.2800)
ArcGIS Desktop 10
Release Version: 10.0
Product Version: 10.0.2.3200
ArcGIS Service Pack: 2 (build 10.0.2.320
No writeups or analysis indexed.
- http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html
- http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/
- http://www.exploit-db.com/exploits/19138
- http://www.osvdb.org/82986
- http://www.securitytracker.com/id?1027170