CVE-2024-23124

A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS

No CVSS.

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004

Configurations

No configuration.

History

13 Mar 2024, 15:15

Type	Values Removed	Values Added
References		() https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004 -
Summary	(en) A maliciously crafted STP file when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.	(en) A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

22 Feb 2024, 19:07

Type	Values Removed	Values Added
Summary		(es) Un archivo STP creado con fines malintencionados cuando se analiza en ASMIMPORT228A.dll a través de Autodesk AutoCAD puede forzar una escritura fuera de los límites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, escribir datos confidenciales o ejecutar código arbitrario en el contexto del proceso actual.

22 Feb 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-22 03:15

Updated : 2024-03-13 15:15

NVD link : CVE-2024-23124

Mitre link : CVE-2024-23124

CVE.ORG link : CVE-2024-23124

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

JSON object

Attach tags to CVE-2024-23124

Attach tags to `CVE-2024-23124`