CVE-2015-2002

Name of the Vulnerable Software and Affected Versions ESRI ArcGis Runtime SDK versions prior to 10.2.6-2 for Android

Description The issue allows attackers to execute arbitrary code by leveraging a finalize method in a Serializable class. This is due to the improper passing of an attacker-controlled pointer to a native function.

Recommendations For versions prior to 10.2.6-2, update to version 10.2.6-2 or later to resolve the issue.