A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
[
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*"
],
"vendor": "autodesk",
"product": "autocad",
"versions": [
{
"status": "affected",
"version": "2024",
"lessThan": "2024.1.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*"
],
"vendor": "autodesk",
"product": "advance_steel",
"versions": [
{
"status": "affected",
"version": "2024",
"lessThan": "2024.1.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*"
],
"vendor": "autodesk",
"product": "civil_3d",
"versions": [
{
"status": "affected",
"version": "2024",
"lessThan": "2024.1.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]