Use-After-Free Vulnerability in Autodesk Navisworks 2022
CVE-2022-27528

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Navisworks
Vendor: CVE Published:; 11 April 2022

Summary

A vulnerability exists in Autodesk Navisworks 2022 that can be exploited through maliciously crafted DWFX and SKP files. This use-after-free vulnerability can allow an attacker to trigger unexpected behavior, potentially leading to remote code execution, thus compromising the integrity and confidentiality of the system.

Affected Version(s)

Autodesk Navisworks 2022.1

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Mar 21, 2022