eDrawings vulnerable to Heap-based Buffer Overflow and Uninitialized Variable exploits
CVE-2024-10204

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Edrawings
Vendor: CVE Published:; 19 November 2024

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2024-10204?

This vulnerability arises from heap-based buffer overflow and uninitialized variable issues found within the X_B and SAT file reading procedure of eDrawings. Specifically affecting versions from Release SOLIDWORKS 2024 to Release SOLIDWORKS 2025, these flaws can be exploited by attackers through specially crafted X_B or SAT files, potentially leading to arbitrary code execution when such files are opened. Users are urged to apply the necessary updates to mitigate these security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

eDrawings Release SOLIDWORKS 2024 SP0

eDrawings Release SOLIDWORKS 2025 SP0

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Oct 21, 2024

Credit

Mat Powell of Trend Micro Zero Day Initiative

Andrea Micalizzi aka rgod (@rgod777) working with Trend Micro Zero Day Initiative

JSON

Dassault Systèmes

What is CVE-2024-10204?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.