A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 - Vendor Advisory | |
CPE | cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* |
|
First Time |
Autodesk autocad Mep
Autodesk autocad Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Lt Autodesk autocad Civil 3d Autodesk autocad Plant 3d Autodesk Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Advance Steel |
23 Nov 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-23 04:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-29075
Mitre link : CVE-2023-29075
CVE.ORG link : CVE-2023-29075
JSON object : View
Products Affected
autodesk
- autocad_plant_3d
- autocad_architecture
- autocad_map_3d
- autocad_mechanical
- autocad_lt
- autocad_electrical
- autocad_advance_steel
- autocad
- autocad_mep
- autocad_civil_3d
CWE
CWE-787
Out-of-bounds Write