A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Nov 2024, 16:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 - Vendor Advisory | |
First Time |
Autodesk
Autodesk autocad Mechanical Autodesk dwg Trueview Autodesk autocad Architecture Autodesk autocad Lt Autodesk autocad Plant 3d Autodesk autocad Autodesk autocad Advance Steel Autodesk autocad Civil 3d Autodesk autocad Electrical Autodesk autocad Mep |
|
CPE | cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 22:15
Updated : 2024-11-01 16:27
NVD link : CVE-2024-9996
Mitre link : CVE-2024-9996
CVE.ORG link : CVE-2024-9996
JSON object : View
Products Affected
autodesk
- autocad_civil_3d
- autocad_advance_steel
- autocad_plant_3d
- autocad_electrical
- autocad
- autocad_mep
- autocad_architecture
- autocad_mechanical
- dwg_trueview
- autocad_lt
CWE
CWE-787
Out-of-bounds Write