Attack on Autodesk Revit via Maliciously Crafted DLL File
CVE-2024-11454
7.8HIGH
Key Information
- Vendor
- Autodesk
- Status
- Revit
- Vendor
- CVE Published:
- 9 December 2024
Summary
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
Affected Version(s)
Revit = 2025
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database