Improper Handling Vulnerability in Autodesk FBX-SDK Affects File Processing
CVE-2016-9305

9.8CRITICAL

Key Information:

Vendor: Autodesk
Status: Fbx Software Development Kit
Vendor: CVE Published:; 25 January 2017

Summary

The Autodesk FBX-SDK versions prior to 2017.1 contains an improper handling vulnerability that arises from type mismatches and previously deleted objects while reading and converting malformed FBX format files. This flaw may allow malicious actors to manipulate file processing, potentially leading to the exposure of uninitialized pointers, which can be exploited to gain unauthorized access and perform advanced attacks.

References

http://www.autodesk.com/trust/security-advisories/adsk-sa...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95803

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2017
Vulnerability Reserved
Nov 14, 2016