Autodesk AutoCAD Vulnerability allows Malicious Code Execution
CVE-2024-9996
7.8 HIGH
Key Information:
- Vendor: Autodesk
- CVE Published: 29 October 2024
Summary
An out-of-bounds write vulnerability exists in Autodesk AutoCAD because input is inadequately validated when maliciously crafted DWG files are processed via the acdb25.dll component. Threat actors can exploit this flaw with a specially crafted DWG file that, once opened, can crash the application. Exploitation may also allow the attacker to write sensitive data to memory locations, potentially altering program execution flow and executing arbitrary code within the context of the current process. Users are urged to apply security patches promptly to mitigate the risk associated with this flaw.
Affected Version(s)
Advance Steel 2025 < 2025.1.1
Advance Steel 2024 < 2024.1.7
Advance Steel 2023 < 2023.1.7
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published