The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ArcGIS: code execution via TeeChart Professional

Synthesis of the vulnerability 

An attacker can create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer.
Impacted products: ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server.
Severity of this bulletin: 3/4.
Creation date: 03/04/2012.
References of this threat: BID-49125, NIM074916, SS-2011-007, VIGILANCE-VUL-11517.

Description of the vulnerability 

ArcGIS products install the TeeChart Professional ActiveX in order to draw statistic graphs.

The AddSeries() method of TeeChart.TChart.9 adds a series of numbers to a graph. However, one of its parameters is used to compute the address of a callback function, so an attacker who controls that parameter can make the control call a function of their choosing, in order to execute code.

An attacker can therefore create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer.

This vulnerability note impacts software or systems such as ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server.

Our Vigil@nce team determined that the severity of this security bulletin is important.

The trust level is: confirmed by the vendor, with a vendor document as the origin.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

ArcGIS: version 10.0 SP5.
Version 10.0 SP5 is fixed:
  http://blogs.esri.com/esri/arcgis/2012/07/10/arcgis-10-0-service-pack-5/

ArcGIS: workaround for TeeChart Professional.
A workaround is to set the Kill Bit on the following CLSIDs, so that Internet Explorer refuses to instantiate the control (see the Microsoft article linked below):
  B6C10489-FB89-11D4-93C9-006008A7EED4
  536600D3-70FE-4C50-92FB-640F6BFC49AD
  FAB9B41C-87D6-474D-AB7E-F07D78F2422E
  BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196
  FCB4B50A-E3F1-4174-BD18-54C3B3287258
http://support.microsoft.com/kb/240797
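The following PowerShell script is an added example of applying this workaround; it is not part of the Vigil@nce bulletin and is not Esri or Microsoft code. It sets the Kill Bit (the 0x400 flag in the "Compatibility Flags" DWORD under the ActiveX Compatibility key, as documented in Microsoft KB 240797) for each CLSID listed above, in both the native registry view and the Wow6432Node view used by 32-bit Internet Explorer on 64-bit Windows, and then reads the value back to confirm it. The function names Set-ActiveXKillBit and Test-ActiveXKillBit are the example's own. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the Vigil@nce bulletin, Esri or Microsoft): apply the
# Kill Bit workaround for the TeeChart Professional ActiveX controls listed in
# the bulletin. Per Microsoft KB 240797, Internet Explorer will not load a
# control whose "Compatibility Flags" value under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# has bit 0x400 set. Requires an elevated prompt.

$KillBit = 0x400

# CLSIDs taken from the bulletin's workaround section.
$Clsids = @(
    'B6C10489-FB89-11D4-93C9-006008A7EED4',
    '536600D3-70FE-4C50-92FB-640F6BFC49AD',
    'FAB9B41C-87D6-474D-AB7E-F07D78F2422E',
    'BDEB0088-66F9-4A55-ABD2-0BF8DEEC1196',
    'FCB4B50A-E3F1-4174-BD18-54C3B3287258'
)

# Native view, plus the 32-bit view (Wow6432Node) used by 32-bit IE on 64-bit Windows.
$BasePaths = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $BasePaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-ActiveXKillBit {
    param([string]$Clsid, [string]$BasePath)
    $key = Join-Path $BasePath "{$Clsid}"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Preserve any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $value = if ($null -eq $existing) { $KillBit } else { $existing -bor $KillBit }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $value -Force | Out-Null
}

function Test-ActiveXKillBit {
    # Returns $true only if the kill bit is actually present in the registry.
    param([string]$Clsid, [string]$BasePath)
    $key = Join-Path $BasePath "{$Clsid}"
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (($null -ne $flags) -and (($flags -band $KillBit) -ne 0))
}

foreach ($base in $BasePaths) {
    foreach ($clsid in $Clsids) {
        Set-ActiveXKillBit -Clsid $clsid -BasePath $base
        $state = if (Test-ActiveXKillBit -Clsid $clsid -BasePath $base) { 'set' } else { 'NOT set' }
        Write-Host ("{0}\{{{1}}} -> kill bit {2}" -f $base, $clsid, $state)
    }
}
```

The read-back step matters: a missing Wow6432Node entry on 64-bit Windows leaves 32-bit Internet Explorer, which is what most users ran at the time, still able to load the control. The kill bit only blocks instantiation by Internet Explorer and other hosts that honour it; applying the ArcGIS 10.0 SP5 fix remains the complete remediation.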

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity patches. The Vigil@nce vulnerability database contains several thousand vulnerabilities.