Memory Corruption Vulnerability in Autodesk Navisworks
CVE-2024-12178
7.8HIGH
Key Information:
- Vendor
- Autodesk
- Vendor
- CVE Published:
- 17 December 2024
Summary
CVE-2024-12178 describes a significant memory corruption vulnerability found in Autodesk's Navisworks software. This vulnerability arises when the application processes a maliciously crafted DWFX file. An attacker can exploit this flaw to corrupt memory, which could result in the execution of arbitrary code within the current process. This presents serious security risks, as it could allow an attacker to perform unauthorized actions on the system. Users of Autodesk Navisworks are highly encouraged to apply patches and updates as soon as they are available to mitigate this vulnerability effectively.
Affected Version(s)
Navisworks Freedom 2025 < 2025.4
Navisworks Manage 2025 < 2025.4
Navisworks Simulate 2025 < 2025.4
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved