DLL Preloading Vulnerability in Autodesk Software Products
CVE-2019-7364

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Advanced Steel, Civil 3d, Autocad, Autocad Lt, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Autocad P&id
Vendor: CVE Published:; 23 August 2019

Summary

A DLL preloading vulnerability exists in multiple versions of Autodesk products, including AutoCAD. This vulnerability can be exploited if an attacker convinces a user to open a malicious DWG file, leading to unintended code execution due to the improper handling of dynamic link libraries. Users are advised to ensure that their systems are running the latest versions and to follow proper security practices to mitigate potential risks.

Affected Version(s)

Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P&ID 2017, 2018, 2019, 2020

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2019
Vulnerability Reserved
Feb 4, 2019