Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
CVE-2023-2762

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Solidworks Desktop
Vendor: CVE Published:; 12 July 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-2762?

A Use-After-Free vulnerability has been identified in the SLDPRT file reading procedure of SOLIDWORKS Desktop, impacting versions from 2021 to 2023. This vulnerability may allow an attacker to execute arbitrary code upon opening a specially crafted SLDPRT file, posing risks to users' systems and data integrity. Proper security measures should be taken to mitigate potential exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SOLIDWORKS Desktop Release SOLIDWORKS 2021 Golden

SOLIDWORKS Desktop Release SOLIDWORKS 2022 Golden

SOLIDWORKS Desktop Release SOLIDWORKS 2023 Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
May 17, 2023

Credit

Mat Powell from Trend Micro's Zero Day Initiative

JSON

Dassault Systèmes

What is CVE-2023-2762?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.