The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.
References
Link | Resource |
---|---|
https://alephsecurity.com/vulns/aleph-2015003 | Third Party Advisory |
https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf | Technical Description Third Party Advisory |
https://alephsecurity.com/vulns/aleph-2015003 | Third Party Advisory |
https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf | Technical Description Third Party Advisory |
Configurations
History
21 Nov 2024, 02:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://alephsecurity.com/vulns/aleph-2015003 - Third Party Advisory | |
References | () https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf - Technical Description, Third Party Advisory |
Information
Published : 2018-03-29 18:29
Updated : 2024-11-21 02:26
NVD link : CVE-2015-2002
Mitre link : CVE-2015-2002
CVE.ORG link : CVE-2015-2002
JSON object : View
Products Affected
esri
- arcgisruntime_sdk
CWE
CWE-118
Incorrect Access of Indexable Resource ('Range Error')