A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
The vulnerability occurs during parsing of a maliciously crafted MODEL file by Autodesk AutoCAD. Improper handling of input data leads to a heap-based buffer overflow, which corresponds to CWE-122 and CWE-787 weaknesses (writing out of buffer bounds). An attacker can deliver such a file to the victim, for example via email or a shared network resource, and simply opening the file in the vulnerable application triggers the exploit.
An attacker can cause application crashes (DoS), read sensitive data from process memory, or execute arbitrary code (RCE) in the context of the currently logged-in user.
Apply patches available from the vendor according to the references: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018. It is recommended to immediately update the software to the version indicated by Autodesk. As an additional precautionary measure, exercise special caution when opening MODEL files from untrusted sources.
Autodesk AutoCAD 2023, Autodesk AutoCAD 2024, Autodesk AutoCAD Advance Steel 2023, Autodesk AutoCAD Advance Steel 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutodesk Autocad
APPAutodesk< 2024.12023.0.0 β 2023.1.4 (bez)2024.0.0 β 2024.1.1 (bez)Autodesk Autocad Advance Steel
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Architecture
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Civil 3d
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Electrical
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Lt
APPAutodesk< 2023.1.4< 2024.12024.0.0 β 2024.1.1 (bez)Autodesk Autocad Map 3d
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Mechanical
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Mep
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)Autodesk Autocad Plant 3d
APPAutodesk< 2023.1.42024.0.0 β 2024.1.1 (bez)
Related vulnerabilities
Autodesk AutoCAD β uszkodzenie pamiΔci przy parsowaniu plikΓ³w 3D (RCE)
Autodesk AutoCAD: Out-Of-Bounds Write przy parsowaniu pliku CATPART
Out-Of-Bounds Write w Autodesk AutoCAD przy parsowaniu pliku PRT
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds ...
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Wr...