CVE-2024-23125

2024-02-2203:15:08

CWE-121

autodesk

web.nvd.nist.gov

3361

cve-2024-23125

sldprt file

stack-based overflow

autodesk autocad

nvd

vulnerability

security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "AutoCAD, Advance Steel and Civil 3D",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "2024, 2023, 2022, 2021"
      }
    ]
  }
]