Autodesk Navisworks Vulnerability Allows for Use-After-Free and Execution of Arbitrary Code
CVE-2024-7675

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks Freedom; Navisworks Simulate; Navisworks Manage
Vendor: CVE Published:; 30 September 2024

Summary

This vulnerability arises from a flaw in the handling of a maliciously crafted DWF file within the w3dtk.dll component of Autodesk Navisworks. When such a file is parsed, it can trigger a Use-After-Free condition. This issue can be exploited by an attacker to crash the application or potentially execute arbitrary code within the context of the current process. Users and administrators of Autodesk Navisworks should be aware of this vulnerability and implement necessary security measures to mitigate any risks associated with processing DWF files.

Affected Version(s)

Navisworks Freedom 2025

Navisworks Freedom 2024

Navisworks Freedom 2023

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 30, 2024