CVE-2021-29118: ArcReader General Data Frame Security Update
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier), which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user.
Esri has released ArcReader 10.8.2, which resolves two low and one moderate-risk vulnerabilities in ArcReader.
ArcReader 10.8.2 is the last release. We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.
In the coming months, the ArcReader product website will be removed along with publicly available downloads. ArcReader software will continue to be available as a download from My Esri. The ArcReader online documentation will remain in place throughout the remainder of the ArcReader Product Support Life Cycle.
Recommendation
We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.
Vulnerability Details
We provide the temporal score in addition to the base score so that our customers can better assess the risk these vulnerabilities pose to their operations. Please see the Common Vulnerability Scoring System for more information on the definition of these metrics.
- CVE-2021-29117 – Use-After-Free – CWE-416 – CVSS 7.8
Common Vulnerability Scoring System (CVSS v3.1) Details
7.8 Base Score, 6.8 Temporal Score
Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- CVE-2021-29112 – Out-of-Bounds Read – CWE-125 – CVSS 3.3
Common Vulnerability Scoring System (CVSS v3.1) Details
3.3 Base Score, 2.9 Temporal Score
Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
- CVE-2021-29118 – Out-of-Bounds Read – CWE-125 – CVSS 3.3
Common Vulnerability Scoring System (CVSS v3.1) Details
3.3 Base Score, 2.9 Temporal Score
Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Acknowledgements
Tran Van Khang – khangkito (VinCSS) working with Trend Micro Zero Day Initiative