A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Metrics
Affected Vendors & Products
References
History
Fri, 01 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Autodesk
Autodesk autocad Autodesk autocad Advance Steel Autodesk autocad Architecture Autodesk autocad Civil 3d Autodesk autocad Electrical Autodesk autocad Lt Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk dwg Trueview |
|
Weaknesses | CWE-787 | |
CPEs | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Autodesk
Autodesk autocad Autodesk autocad Advance Steel Autodesk autocad Architecture Autodesk autocad Civil 3d Autodesk autocad Electrical Autodesk autocad Lt Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk dwg Trueview |
Wed, 30 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 29 Oct 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |
Title | Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability | |
Weaknesses | CWE-119 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: autodesk
Published: 2024-10-29T21:44:39.027Z
Updated: 2024-11-15T21:38:35.308Z
Reserved: 2024-10-03T18:19:18.769Z
Link: CVE-2024-9489
Vulnrichment
Updated: 2024-10-30T14:02:18.360Z
NVD
Status : Analyzed
Published: 2024-10-29T22:15:08.703
Modified: 2024-11-01T16:27:25.937
Link: CVE-2024-9489
Redhat
No data.