5 matches found
Vulnerabilities fixed in Esri ArcReader
Esri has fixed multiple vulnerabilities in ArcReader, ArcGIS Desktop, ArcGIS Engine and ArcGIS Pro. A malicious party could vulnerabilities potentially exploit them to execute arbitrary code execute arbitrary code under application privileges. To do so, the malicious party needs to induce an...
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
CVE-2021-29097
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
PT-2021-18086 Β· Esri Β· Arcgis DesktopΒ +3
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier Description: The issue arises from multiple uninitialized pointer...
PT-2015-4375 Β· Esri Β· Esri Arcgis For ServerΒ +2
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Desktop versions 10.2.2 and earlier ESRI ArcGIS for Engine versions 10.2.2 and earlier ESRI ArcGIS for Server versions 10.2.2 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML vi...