A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
History

Fri, 01 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows
Weaknesses CWE-787
CPEs cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Architecture
Autodesk autocad Civil 3d
Autodesk autocad Electrical
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Microsoft
Microsoft windows

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Description A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Weaknesses CWE-119
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2024-10-29T21:14:01.152Z

Updated: 2024-10-30T15:01:58.383Z

Reserved: 2024-09-09T05:11:47.491Z

Link: CVE-2024-8600

cve-icon Vulnrichment

Updated: 2024-10-30T14:02:25.985Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T22:15:08.330

Modified: 2024-11-01T16:17:19.680

Link: CVE-2024-8600

cve-icon Redhat

No data.