A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jul 2023, 14:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:autodesk:alias:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:vred:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* |
|
CWE | CWE-125 CWE-787 |
|
First Time |
Autodesk vred
Autodesk autocad Advance Steel Autodesk alias Autodesk autocad Map 3d Autodesk autocad Lt Autodesk inventor Autodesk autocad Autodesk maya Usd Autodesk autocad Electrical Autodesk autocad Architecture Autodesk Autodesk revit Autodesk autocad Civil 3d Autodesk navisworks Autodesk autocad Mechanical Autodesk infraworks Autodesk autocad Plant 3d Autodesk autocad Mep |
|
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009 - Vendor Advisory |
23 Jun 2023, 19:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-25003
Mitre link : CVE-2023-25003
CVE.ORG link : CVE-2023-25003
JSON object : View
Products Affected
autodesk
- navisworks
- alias
- autocad_mep
- revit
- infraworks
- autocad
- vred
- autocad_civil_3d
- autocad_lt
- autocad_plant_3d
- inventor
- maya_usd
- autocad_map_3d
- autocad_advance_steel
- autocad_mechanical
- autocad_architecture
- autocad_electrical