#VU99500 Use of uninitialized resource in Autodesk products - CVE-2024-8896
Published: October 30, 2024 / Updated: November 1, 2024
Vulnerability identifier: #VU99500
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-8896
CWE-ID: CWE-908
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Autodesk AutoCAD
AutoCAD LT
AutoCAD Architecture
AutoCAD Electrical
AutoCAD Mechanical
AutoCAD MEP
AutoCAD Plant 3D
Autodesk Civil 3D
Advance Steel
DWG Trueview
Autodesk AutoCAD
AutoCAD LT
AutoCAD Architecture
AutoCAD Electrical
AutoCAD Mechanical
AutoCAD MEP
AutoCAD Plant 3D
Autodesk Civil 3D
Advance Steel
DWG Trueview
Software vendor:
Autodesk
Autodesk
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in acdb25.dll. A remote attacker can trick a victim to open a specially crafted DXF file, trigger uninitialized usage of resources and bypass implemented security mechanisms.
Remediation
Install updates from vendor's website.