A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Nov 2023, 15:48
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-119 | |
| CPE | cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* |
|
| First Time |
Autodesk autocad Mep
Autodesk autocad Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Lt Autodesk autocad Civil 3d Autodesk autocad Plant 3d Autodesk Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Advance Steel |
|
| References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 - Vendor Advisory |
23 Nov 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-23 04:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-41139
Mitre link : CVE-2023-41139
CVE.ORG link : CVE-2023-41139
JSON object : View
Products Affected
autodesk
- autocad_plant_3d
- autocad_architecture
- autocad_map_3d
- autocad_mechanical
- autocad_lt
- autocad_electrical
- autocad_advance_steel
- autocad
- autocad_mep
- autocad_civil_3d