Privilege Escalation Vulnerability in Autodesk Installer
CVE-2023-27908

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Installer
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-27908?

A vulnerability exists in the Autodesk Installer where a specially crafted DLL file can cause the application to write beyond its allocated memory boundaries. This flaw permits an attacker to escalate privileges on the system, potentially leading to unauthorized access and control. Users are advised to review the security advisory for updates and mitigation strategies.

Affected Version(s)

Autodesk installer 1.29.0.90 or later, included with 2023 and 2024 product installs

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Mar 7, 2023