Autodesk Navisworks Vulnerability Could Lead to Crash, Data Theft or Code Execution
CVE-2024-7670
7.8HIGH
Key Information:
- Vendor
- Autodesk
- Vendor
- CVE Published:
- 30 September 2024
Summary
A vulnerability exists in Autodesk Navisworks that can be exploited when a specially crafted DWFX file is processed by the w3dtk.dll component. This flaw may allow an attacker to induce an Out-of-Bounds Read condition, potentially leading to a crash of the application. Such an event can expose sensitive information or allow malicious code execution within the context of the affected process. Users are advised to apply the latest security patches and follow recommended practices to mitigate risks associated with this vulnerability.
Affected Version(s)
Navisworks Freedom 2025 < 2025.3
Navisworks Freedom 2024 < 2024.3
Navisworks Freedom 2023 < 2023.5
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published