Arbitrary Code Execution Vulnerability in Autodesk AutoCAD
CVE-2022-33885

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Utodesk® Autocad®, Advance Steel And Civil 3d®
Vendor: CVE Published:; 3 October 2022

What is CVE-2022-33885?

Autodesk AutoCAD 2022 and 2023 are susceptible to a vulnerability where specially crafted X_B, CATIA, and PDF files can be processed in a manner that allows for writing beyond the designated buffer limits. This flaw can be exploited to execute arbitrary code, potentially compromising system integrity and user data. Affected users are encouraged to follow the security advisory from Autodesk for mitigation strategies.

Affected Version(s)

utodesk® AutoCAD®, Advance Steel and Civil 3D® 2023, 2022

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Jun 16, 2022