This vulnerability in OSGeo Project MapServer before version 8.0 involves DLL Injection, which enables attackers to execute arbitrary code remotely by providing a specially crafted executable. The CVSS 3.1 base score of 9.1 reflects its critical severity, with an attack vector over the network, low attack complexity, no privileges or user interaction needed, and high impact on confidentiality and integrity. The vulnerability is tracked as CWE-94 (Improper Control of Generation of Code). No patch or official remediation guidance is currently available, and no exploits have been observed in the wild.

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the affected system, compromising confidentiality and integrity of the system. This could lead to unauthorized access or control over the affected MapServer instance. Availability impact is not indicated. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is documented, users should monitor the vendor's security advisories for updates. Until a patch is available, consider restricting network access to the MapServer service to trusted sources and applying defense-in-depth controls where possible.