Remote Code Execution Flaw in DesignReview Application by Autodesk
CVE-2022-27864

8.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Design Review
Vendor: CVE Published:; 29 July 2022

Summary

A Double Free vulnerability in the Autodesk DesignReview application allows remote attackers to execute arbitrary code. This vulnerability is triggered when a user visits a malicious webpage or opens a compromised PDF file. The flaw enables an attacker to exploit memory management issues, leading to potential code execution in affected installations. Proper security measures should be implemented to mitigate risks associated with this vulnerability.

Affected Version(s)

Autodesk Design Review 2018, 2017, 2013, 2012, 2011

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2022
Vulnerability Reserved
Mar 25, 2022