Memory Corruption Vulnerability in Subassembly Composer from Autodesk
CVE-2022-41305

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Subassembly Composer
Vendor: CVE Published:; 14 October 2022

Summary

A memory corruption vulnerability exists within Autodesk's SubassemblyComposer.exe. When processing a maliciously crafted PKT file, the application is susceptible to a write access violation, potentially leading to significant security risks, including unauthorized code execution within the context of the current process. This flaw emphasizes the importance of maintaining secure coding practices and timely updates to safeguard against exploitation.

Affected Version(s)

Subassembly Composer 2023, 2022, 2021, 2020

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2022
Vulnerability Reserved
Sep 21, 2022