A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and previous versions) and ArcGIS Pro 2.7 (and previous versions) allows an unauthenticated malicious user to achieve arbitrary code execution in the context of the current user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri arcgis desktop |
||
esri arcgis pro |
||
esri arcreader |
||
esri arcgis engine |