Lucene search

[email protected]NVD:CVE-2024-23159

HistoryJun 25, 2024 - 4:15 a.m.

CVE-2024-23159

2024-06-2504:15:14

CWE-457

[email protected]

web.nvd.nist.gov

craft file autodesk

code execution

stp vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.9%

JSON

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.9%

JSON

Related for NVD:CVE-2024-23159

cvelist1 vulnrichment1 cve1 zdi1 nessus1