Buffer Overflow Vulnerability in Autodesk FBX-SDK
CVE-2016-9306

9.8CRITICAL

Key Information:

Vendor: Autodesk
Status: Fbx Software Development Kit
Vendor: CVE Published:; 25 January 2017

What is CVE-2016-9306?

Multiple buffer overflow vulnerabilities exist in earlier versions of the Autodesk FBX-SDK before 2017.1. These vulnerabilities can be exploited by attackers when they process or convert specially crafted DAE (Digital Asset Exchange) format files. This could potentially allow unauthorized arbitrary code execution on the affected systems, leading to severe security risks.

References

http://www.autodesk.com/trust/security-advisories/adsk-sa...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95807

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2017
Vulnerability Reserved
Nov 14, 2016