Autodesk Revit Vulnerability Leads to Heap-Based Overflow and Potential Risks
CVE-2024-11608

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Revit
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-11608?

A vulnerability exists in Autodesk Revit where a specially crafted SKP file can trigger a heap-based overflow when the file is linked or imported. This flaw allows an attacker to potentially crash the application or manipulate it to read sensitive information or execute arbitrary code within the privileges of the current user process. It is crucial for users to apply the necessary patches and mitigate risks associated with this vulnerability.

Affected Version(s)

Revit 2025 < 2025.4

References

https://autodesk.com/trust/security-advisories/adsk-sa-20...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 21, 2024