Lucene search

[email protected]NVD:CVE-2021-27034

HistoryJul 09, 2021 - 3:15 p.m.

CVE-2021-27034

2021-07-0915:15:07

CWE-787

[email protected]

web.nvd.nist.gov

autodesk

design review

buffer overflow

heap-based

arbitrary code

vulnerability

exploit

pict

pcx

rcl

tiff

2018

2017

2013

2012

2011

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.9%

JSON

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Affected configurations

Nvd

Node

autodeskdesign_reviewMatch2011

autodeskdesign_reviewMatch2012

autodeskdesign_reviewMatch2013

autodeskdesign_reviewMatch2017

autodeskdesign_reviewMatch2018

VendorProductVersionCPE
autodeskdesign_review2011cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*
autodeskdesign_review2012cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*
autodeskdesign_review2013cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*
autodeskdesign_review2017cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*
autodeskdesign_review2018cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autodesk	design_review	2011	cpe:2.3:a:autodesk:design_review:2011:::::::*
autodesk	design_review	2012	cpe:2.3:a:autodesk:design_review:2012:::::::*
autodesk	design_review	2013	cpe:2.3:a:autodesk:design_review:2013:::::::*
autodesk	design_review	2017	cpe:2.3:a:autodesk:design_review:2017:::::::*
autodesk	design_review	2018	cpe:2.3:a:autodesk:design_review:2018:::::::*

References

www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003

www.zerodayinitiative.com/advisories/ZDI-21-1125/

www.zerodayinitiative.com/advisories/ZDI-21-1126/

www.zerodayinitiative.com/advisories/ZDI-21-1127/

www.zerodayinitiative.com/advisories/ZDI-21-1128/

www.zerodayinitiative.com/advisories/ZDI-21-1129/

www.zerodayinitiative.com/advisories/ZDI-21-1130/

www.zerodayinitiative.com/advisories/ZDI-21-1131/

www.zerodayinitiative.com/advisories/ZDI-21-1132/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.9%

JSON

Related for NVD:CVE-2021-27034

zdi16 cvelist1 prion1 cnvd1 cve1 nessus1