Buffer Overflow Vulnerability in Autodesk Products
CVE-2021-27040

3.3LOW

Key Information:

Vendor
Autodesk
Status
Autodesk Advanced Steel, Civil 3d, Autocad, Autocad Lt, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d
Vendor
CVE Published:
25 June 2021

Summary

A vulnerability exists in Autodesk products when processing maliciously crafted DWG files. The issue allows an attacker to read memory beyond allocated boundaries, leading to potential arbitrary code execution. Trusted input validation is compromised, enhancing the risk of manipulation by malicious entities and making it crucial for users to apply appropriate patches to safeguard their systems.

Affected Version(s)

Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D 2022, 2021, 2020, 2019

References

https://www.autodesk.com/trust/security-advisories/adsk-s...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1238/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1236/
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.