Unprompted Execution of VBA Macros in ESRI ArcMap and ArcGIS

Unprompted Execution of VBA Macros in ESRI ArcMap and ArcGIS

CVE-2012-1661 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.

Learn more about our User Device Pen Test.