Arbitrary Code Execution Vulnerabilities in eDrawings
CVE-2024-1847

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Edrawings
Vendor: CVE Published:; 28 February 2024

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2024-1847?

Multiple vulnerabilities, including heap-based buffer overflow and memory corruption, have been identified in the file reading procedure of eDrawings from Dassault Systèmes. Affecting releases from 2023 through 2024, these vulnerabilities arise when handling specially crafted file formats such as CATPART, IPT, JT, SAT, STL, STP, X_B, and X_T. Attackers may exploit these weaknesses to execute arbitrary code by manipulating the input files, leading to potential compromise of the affected systems.

Affected Version(s)

eDrawings Release SOLIDWORKS 2023 SP0

eDrawings Release SOLIDWORKS 2024 SP0

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Feb 23, 2024

Credit

Mat Powell of Trend Micro Zero Day Initiative

Francis Provencher {PRL}

rgod