Autodesk Navisworks Vulnerability - Out-of-Bounds Write Risk
CVE-2024-7671

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks Freedom; Navisworks Simulate; Navisworks Manage
Vendor: CVE Published:; 30 September 2024

Summary

An Out-of-Bounds Write vulnerability exists in Autodesk Navisworks that may be exploited through maliciously crafted DWFX files parsed by the dwfcore.dll module. This flaw permits an attacker to trigger unexpected behavior in the application, including crashes, sensitivity exposure, or arbitrary code execution within the current process's context. Due to the nature of this vulnerability, proper handling of user input and rigorous validation processes are essential to prevent exploitation.

Affected Version(s)

Navisworks Freedom 2025 < 2025.3

Navisworks Freedom 2024 < 2024.3

Navisworks Freedom 2023 < 2023.5

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2024