CVE-2024-23127

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-23127
A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll when parsed through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS

No CVSS.

References
Link Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004
Configurations

No configuration.

History

18 Mar 2024, 00:15

Type Values Removed Values Added
References
  • () https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004 -
Summary (en) A maliciously crafted MODEL, SLDPRT or SLDASM file when parsed VCRUNTIME140.dll through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. (en) A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll when parsed through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

22 Feb 2024, 19:07

Type Values Removed Values Added
Summary
  • (es) Un archivo MODEL, SLDPRT o SLDASM creado con fines malintencionados cuando se analiza VCRUNTIME140.dll a través de Autodesk AutoCAD se puede utilizar para provocar un desbordamiento de búfer de almacenamiento dinámico. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar código arbitrario en el contexto del proceso actual.

22 Feb 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-22 03:15

Updated : 2024-03-18 00:15

NVD link : CVE-2024-23127

Mitre link : CVE-2024-23127

CVE.ORG link : CVE-2024-23127

JSON object : View

Products Affected

No product.

CWE
CWE-122

Heap-based Buffer Overflow