A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
History

Fri, 01 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows
Weaknesses CWE-787
CPEs cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Title Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability
Weaknesses CWE-119
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2024-10-29T21:13:32.979Z

Updated: 2024-10-30T15:02:07.007Z

Reserved: 2024-09-09T05:07:41.856Z

Link: CVE-2024-8599

cve-icon Vulnrichment

Updated: 2024-10-30T14:02:27.524Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T22:15:08.130

Modified: 2024-11-01T16:17:25.073

Link: CVE-2024-8599

cve-icon Redhat

No data.