Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
CVE-2023-2762
7.8 HIGH
What is CVE-2023-2762?
A Use-After-Free vulnerability has been identified in the SLDPRT file reading procedure of SOLIDWORKS Desktop, impacting versions from 2021 to 2023. This vulnerability may allow an attacker to execute arbitrary code upon opening a specially crafted SLDPRT file, posing risks to users' systems and data integrity. Proper security measures should be taken to mitigate potential exploitation of this vulnerability.
Affected Version(s)
SOLIDWORKS Desktop Release SOLIDWORKS 2021 Golden
SOLIDWORKS Desktop Release SOLIDWORKS 2022 Golden
SOLIDWORKS Desktop Release SOLIDWORKS 2023 Golden
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mat Powell from Trend Micro's Zero Day Initiative