A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
History

Fri, 01 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows
CPEs cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Title Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2024-10-29T21:08:53.971Z

Updated: 2024-10-30T15:03:06.010Z

Reserved: 2024-09-09T04:41:53.966Z

Link: CVE-2024-8593

cve-icon Vulnrichment

Updated: 2024-10-30T14:02:36.727Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T22:15:06.907

Modified: 2024-11-01T16:18:15.993

Link: CVE-2024-8593

cve-icon Redhat

No data.