Arbitrary Code Execution Vulnerabilities in eDrawings
CVE-2024-1847

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Edrawings
Vendor: CVE Published:; 28 February 2024

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2024-1847?

Multiple vulnerabilities, including heap-based buffer overflow and memory corruption, have been identified in the file reading procedure of eDrawings from Dassault Systèmes. Affecting releases from 2023 through 2024, these vulnerabilities arise when handling specially crafted file formats such as CATPART, IPT, JT, SAT, STL, STP, X_B, and X_T. Attackers may exploit these weaknesses to execute arbitrary code by manipulating the input files, leading to potential compromise of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

eDrawings Release SOLIDWORKS 2023 SP0

eDrawings Release SOLIDWORKS 2024 SP0

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Feb 23, 2024

Credit

Mat Powell of Trend Micro Zero Day Initiative

Francis Provencher {PRL}

rgod

JSON

Dassault Systèmes

What is CVE-2024-1847?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.