Memory Corruption Vulnerability in Autodesk Design Review Application
CVE-2022-42944

7.8HIGH

Key Information:

Vendor
Autodesk
Status
Autodesk Design Review
Vendor
CVE Published:
21 October 2022

Summary

A memory corruption vulnerability exists in Autodesk's Design Review application. Specifically, a maliciously crafted dwf or .pct file processed by DesignReview.exe can lead to a read access violation, which, when combined with other vulnerabilities, may result in unauthorized code execution within the context of the current process. This flaw poses a significant risk to users handling graphic files, as exploitation may compromise system integrity.

Affected Version(s)

Autodesk Design Review 2018, 2017, 2013, 2012, 2011

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.