Use-After-Free Vulnerability in Esri ArcReader 10.8.1 and Earlier Allows Arbitrary Code Execution

Use-After-Free Vulnerability in Esri ArcReader 10.8.1 and Earlier Allows Arbitrary Code Execution

CVE-2021-29117 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Learn more about our User Device Pen Test.