Multiple vulnerabilities in Autodesk AutoCAD products



Updated: 2024-08-05
Risk: High
Patch available: YES
Number of vulnerabilities: 29
CVE-ID: CVE-2024-23143, CVE-2024-37006, CVE-2024-37005, CVE-2024-37004, CVE-2024-37003, CVE-2024-37002, CVE-2024-37001, CVE-2024-37000, CVE-2024-23149, CVE-2024-23148, CVE-2024-23147, CVE-2024-23146, CVE-2024-23145, CVE-2024-23144, CVE-2024-23142, CVE-2024-0446, CVE-2024-23141, CVE-2024-23140, CVE-2024-23137, CVE-2024-23134, CVE-2024-23131, CVE-2024-23130, CVE-2024-23129, CVE-2024-23128, CVE-2024-23127, CVE-2024-23123, CVE-2024-23122, CVE-2024-23121, CVE-2024-23120
CWE-ID: CWE-119, CWE-125, CWE-416, CWE-121, CWE-787, CWE-122
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Autodesk AutoCAD
Other software / Other software solutions

AutoCAD Architecture
Client/Desktop applications / Multimedia software

AutoCAD Electrical
Client/Desktop applications / Multimedia software

AutoCAD Map 3D
Client/Desktop applications / Multimedia software

AutoCAD Mechanical
Client/Desktop applications / Multimedia software

AutoCAD MEP
Client/Desktop applications / Multimedia software

AutoCAD Plant 3D
Client/Desktop applications / Multimedia software

Autodesk Civil 3D
Client/Desktop applications / Multimedia software

Advance Steel
Client/Desktop applications / Multimedia software

Vendor: Autodesk

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU92144

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23143

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-725/
https://www.zerodayinitiative.com/advisories/ZDI-24-722/
https://www.zerodayinitiative.com/advisories/ZDI-24-717/
https://www.zerodayinitiative.com/advisories/ZDI-24-719/
https://www.zerodayinitiative.com/advisories/ZDI-24-712/
https://www.zerodayinitiative.com/advisories/ZDI-24-698/
https://www.zerodayinitiative.com/advisories/ZDI-24-697/
https://www.zerodayinitiative.com/advisories/ZDI-24-696/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU92157

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37006

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-713/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU92156

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37005

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-771/
https://www.zerodayinitiative.com/advisories/ZDI-24-958/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU92155

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when parsing files. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-756/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU92154

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37003

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing files. A remote attacker can trick the victim into opening a specially crafted file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-737/
https://www.zerodayinitiative.com/advisories/ZDI-24-683/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU92153

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37002

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-721/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU92152

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37001

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-716/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU92151

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-37000

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-749/
https://www.zerodayinitiative.com/advisories/ZDI-24-748/
https://www.zerodayinitiative.com/advisories/ZDI-24-740/
https://www.zerodayinitiative.com/advisories/ZDI-24-718/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU92150

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23149

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-744/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU92149

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23148

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU92148

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23147

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-772/
https://www.zerodayinitiative.com/advisories/ZDI-24-750/
https://www.zerodayinitiative.com/advisories/ZDI-24-709/
https://www.zerodayinitiative.com/advisories/ZDI-24-961/
https://www.zerodayinitiative.com/advisories/ZDI-24-964/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU92147

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23146

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-731/
https://www.zerodayinitiative.com/advisories/ZDI-24-730/
https://www.zerodayinitiative.com/advisories/ZDI-24-729/
https://www.zerodayinitiative.com/advisories/ZDI-24-728/
https://www.zerodayinitiative.com/advisories/ZDI-24-708/
https://www.zerodayinitiative.com/advisories/ZDI-24-690/
https://www.zerodayinitiative.com/advisories/ZDI-24-962/
https://www.zerodayinitiative.com/advisories/ZDI-24-963/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU92146

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-703/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU92145

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23144

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-699/
https://www.zerodayinitiative.com/advisories/ZDI-24-692/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU92143

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23142

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-726/
https://www.zerodayinitiative.com/advisories/ZDI-24-715/
https://www.zerodayinitiative.com/advisories/ZDI-24-714/
https://www.zerodayinitiative.com/advisories/ZDI-24-705/
https://www.zerodayinitiative.com/advisories/ZDI-24-693/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds write

EUVDB-ID: #VU92131

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-0446

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in ASMKERN228A.dll and ASMdatax229A.dll. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-742/
https://www.zerodayinitiative.com/advisories/ZDI-24-741/
https://www.zerodayinitiative.com/advisories/ZDI-24-723/
https://www.zerodayinitiative.com/advisories/ZDI-24-710/
https://www.zerodayinitiative.com/advisories/ZDI-24-701/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU92142

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23141

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-724/
https://www.zerodayinitiative.com/advisories/ZDI-24-700/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU92141

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23140

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-711/
https://www.zerodayinitiative.com/advisories/ZDI-24-704/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU92140

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23137

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-745/
https://www.zerodayinitiative.com/advisories/ZDI-24-734/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU92159

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23134

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CC5Dll.dll and ASMBASE228A.dll. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-739/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU92139

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23131

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-773/
https://www.zerodayinitiative.com/advisories/ZDI-24-770/
https://www.zerodayinitiative.com/advisories/ZDI-24-768/
https://www.zerodayinitiative.com/advisories/ZDI-24-766/
https://www.zerodayinitiative.com/advisories/ZDI-24-765/
https://www.zerodayinitiative.com/advisories/ZDI-24-764/
https://www.zerodayinitiative.com/advisories/ZDI-24-763/
https://www.zerodayinitiative.com/advisories/ZDI-24-762/
https://www.zerodayinitiative.com/advisories/ZDI-24-761/
https://www.zerodayinitiative.com/advisories/ZDI-24-760/
https://www.zerodayinitiative.com/advisories/ZDI-24-759/
https://www.zerodayinitiative.com/advisories/ZDI-24-758/
https://www.zerodayinitiative.com/advisories/ZDI-24-757/
https://www.zerodayinitiative.com/advisories/ZDI-24-754/
https://www.zerodayinitiative.com/advisories/ZDI-24-752/
https://www.zerodayinitiative.com/advisories/ZDI-24-751/
https://www.zerodayinitiative.com/advisories/ZDI-24-747/
https://www.zerodayinitiative.com/advisories/ZDI-24-746/
https://www.zerodayinitiative.com/advisories/ZDI-24-743/
https://www.zerodayinitiative.com/advisories/ZDI-24-720/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU92138

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23130

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-769/
https://www.zerodayinitiative.com/advisories/ZDI-24-753/
https://www.zerodayinitiative.com/advisories/ZDI-24-736/
https://www.zerodayinitiative.com/advisories/ZDI-24-732/
https://www.zerodayinitiative.com/advisories/ZDI-24-694/
https://www.zerodayinitiative.com/advisories/ZDI-24-689/
https://www.zerodayinitiative.com/advisories/ZDI-24-688/
https://www.zerodayinitiative.com/advisories/ZDI-24-686/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU92137

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23129

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-774/
https://www.zerodayinitiative.com/advisories/ZDI-24-727/
https://www.zerodayinitiative.com/advisories/ZDI-24-691/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU92136

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23128

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-706/
https://www.zerodayinitiative.com/advisories/ZDI-24-702/
https://www.zerodayinitiative.com/advisories/ZDI-24-684/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Heap-based buffer overflow

EUVDB-ID: #VU92135

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23127

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-755/
https://www.zerodayinitiative.com/advisories/ZDI-24-738/
https://www.zerodayinitiative.com/advisories/ZDI-24-735/
https://www.zerodayinitiative.com/advisories/ZDI-24-733/
https://www.zerodayinitiative.com/advisories/ZDI-24-687/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU92134

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23123

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-707/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Buffer overflow

EUVDB-ID: #VU92133

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23122

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-695/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds write

EUVDB-ID: #VU92158

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23121

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in libodxdll.dll. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds write

EUVDB-ID: #VU92132

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-23120

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Autodesk AutoCAD: before

AutoCAD Architecture: before 2024.1.4

AutoCAD Electrical: before 2024.1.4

AutoCAD Map 3D: before 2024.1.4

AutoCAD Mechanical: before 2024.1.4

AutoCAD MEP: before 2024.1.4

AutoCAD Plant 3D: before 2024.1.4

Autodesk Civil 3D: before 2024.1.4

Advance Steel: before 2024.1.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
https://www.zerodayinitiative.com/advisories/ZDI-24-775/
https://www.zerodayinitiative.com/advisories/ZDI-24-767/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


