Risk | High |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2024-7991 CVE-2024-7992 CVE-2024-8896 CVE-2024-9489 CVE-2024-9996 CVE-2024-9997 |
CWE-ID | CWE-787 CWE-121 CWE-908 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Autodesk AutoCAD Other software / Other software solutions AutoCAD LT Client/Desktop applications / Multimedia software AutoCAD Architecture Client/Desktop applications / Multimedia software AutoCAD Electrical Client/Desktop applications / Multimedia software AutoCAD Mechanical Client/Desktop applications / Multimedia software AutoCAD MEP Client/Desktop applications / Multimedia software AutoCAD Plant 3D Client/Desktop applications / Multimedia software Autodesk Civil 3D Client/Desktop applications / Multimedia software Advance Steel Client/Desktop applications / Multimedia software DWG Trueview Client/Desktop applications / Multimedia software |
Vendor | Autodesk |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU99498
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7991
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99499
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-7992
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99500
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8896
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in acdb25.dll. A remote attacker can trick a victim to open a specially crafted DXF file, trigger uninitialized usage of resources and bypass implemented security mechanisms.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
http://www.zerodayinitiative.com/advisories/ZDI-24-1426/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99501
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9489
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ACAD.exe. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
http://www.zerodayinitiative.com/advisories/ZDI-24-1425/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99502
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9996
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in acdb25.dll. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
http://www.zerodayinitiative.com/advisories/ZDI-24-1424/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99503
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-9997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in acdb25.dll. A remote attacker can create a specially crafted DWG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD LT: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
DWG Trueview: 2025
CPE2.3http://autodesk.com/trust/security-advisories/adsk-sa-2024-0021
http://www.zerodayinitiative.com/advisories/ZDI-24-1423/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.