4 matches found
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS Desktop 10.0.2.3200 and earlier do not properly prompt before executing embedded VBA macros in map files (.mxd), allowing user‑assisted remote code execution. Root cause: VBA macros execute without prompting the user. Affected products/versio...
CVE-2021-29098
VULNERABILITY SUMMARY: CVE-2021-29098 affects Esri ArcReader and related Esri products (ArcReader, ArcGIS Desktop/Engine 10.8.1 and earlier, ArcGIS Pro 2.7 and earlier). Root cause: parsing of PMF files yields an uninitialized pointer access, enabling arbitrary code execution in the context of th...
CVE-2021-29097
CVE-2021-29097 corresponds to Esri ArcReader/ArcGIS PMF file parsing vulnerabilities that allow remote code execution via buffer overflow in the PMF parsing logic. The connected ZDI advisories describe heap- and stack-based buffer overflow variants (PMF parsing) that enable code execution in the ...
CVE-2021-29096
The CVE-2021-29096 issue affects Esri ArcReader, ArcGIS Desktop/Engine (10.8.1 and earlier) and ArcGIS Pro (2.7 and earlier). It is a use-after-free in PMF file parsing that allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. In the described...