Memory Corruption Vulnerability in Autodesk Design Review
CVE-2021-40167

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk® Design Review
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-40167?

The vulnerability allows specially crafted DWF or PCT files to be processed by the DesignReview.exe application, resulting in a memory corruption issue due to read access violations. This flaw may be exploited in conjunction with other vulnerabilities, potentially enabling arbitrary code execution within the context of the affected application. Organizations using Autodesk Design Review should assess their exposure to risk and apply necessary mitigations.

Affected Version(s)

Autodesk® Design Review 2018

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Aug 27, 2021