CVE-2021-29098

ArcGIS general raster security update: uninitialized pointer

CVSS 7.8 HIGHEPSS 2.0%CWE-824

In short

ArcGIS products contain uninitialized pointer bugs that can be triggered by opening a malicious file, allowing attackers to run arbitrary code on the victim's computer without authentication.

Technical detail

Multiple uninitialized pointer vulnerabilities exist in raster file parsing across ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier, and ArcGIS Pro 2.7 and earlier. An unauthenticated attacker can craft a specially designed raster file to exploit these memory corruption flaws, achieving arbitrary code execution with the privileges of the current user. No prior authentication or special privileges are required; exploitation requires only convincing a user to open the malicious file.

Summary generated and translated by AI from the official description.

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Esri · ArcGIS Desktop Esri · ArcGIS Desktop Background Geoprocessing Esri · ArcGIS Engine Esri · ArcGIS Pro Esri · ArcReader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/https://www.zerodayinitiative.com/advisories/ZDI-21-361/https://www.zerodayinitiative.com/advisories/ZDI-21-362/https://www.zerodayinitiative.com/advisories/ZDI-21-372/