eDrawings vulnerable to Heap-based Buffer Overflow and Uninitialized Variable exploits
CVE-2024-10204
7.8 HIGH
What is CVE-2024-10204?
CVE-2024-10204 covers heap-based buffer overflow and uninitialized variable flaws in the X_B and SAT file reading procedure of eDrawings. The flaws affect versions from Release SOLIDWORKS 2024 to Release SOLIDWORKS 2025. An attacker can exploit them with a specially crafted X_B or SAT file, potentially leading to arbitrary code execution when the file is opened. Users are urged to apply the necessary updates to mitigate these security risks.
Affected Version(s)
eDrawings Release SOLIDWORKS 2024 SP0
eDrawings Release SOLIDWORKS 2025 SP0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mat Powell of Trend Micro Zero Day Initiative
Andrea Micalizzi aka rgod (@rgod777) working with Trend Micro Zero Day Initiative