A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Autodesk
Autodesk advance Steel Autodesk autocad Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk civil 3d |
|
Weaknesses | CWE-787 | |
CPEs | cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:* |
|
Vendors & Products |
Autodesk
Autodesk advance Steel Autodesk autocad Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk civil 3d |
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 29 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |
Title | Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: autodesk
Published: 2024-10-29T21:03:58.156Z
Updated: 2024-10-30T15:03:53.927Z
Reserved: 2024-09-09T03:01:59.536Z
Link: CVE-2024-8587
Vulnrichment
Updated: 2024-10-30T14:02:44.618Z
NVD
Status : Analyzed
Published: 2024-10-29T21:15:04.990
Modified: 2024-11-07T17:15:24.903
Link: CVE-2024-8587
Redhat
No data.