CVE-2024-5509

Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*
cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*
cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:47

Type Values Removed Values Added
References () https://www.keyshot.com/csirt/ - Vendor Advisory () https://www.keyshot.com/csirt/ - Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-24-540/ - Third Party Advisory, VDB Entry () https://www.zerodayinitiative.com/advisories/ZDI-24-540/ - Third Party Advisory, VDB Entry

09 Aug 2024, 13:30

Type Values Removed Values Added
References () https://www.keyshot.com/csirt/ - () https://www.keyshot.com/csirt/ - Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-24-540/ - () https://www.zerodayinitiative.com/advisories/ZDI-24-540/ - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:luxion:keyshot_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:luxion:keyshot_network_rendering:*:*:*:*:*:*:*:*
cpe:2.3:a:luxion:keyshot:*:*:*:*:*:*:*:*
First Time Luxion keyshot Network Rendering
Luxion keyshot
Luxion
Luxion keyshot Viewer

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de ejecución remota de código del elemento de ruta de búsqueda no controlada del análisis de archivos BIP de Luxion KeyShot. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de Luxion KeyShot. Se requiere la interacción del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una página maliciosa o abrir un archivo malicioso. La falla específica existe en el análisis de archivos BIP. El problema se debe a la carga de una librería desde una ubicación no segura. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual. Era ZDI-CAN-22738.

06 Jun 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 18:15

Updated : 2024-11-21 09:47


NVD link : CVE-2024-5509

Mitre link : CVE-2024-5509

CVE.ORG link : CVE-2024-5509


JSON object : View

Products Affected

luxion

  • keyshot_network_rendering
  • keyshot_viewer
  • keyshot
CWE
CWE-427

Uncontrolled Search Path Element