A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Nov 2024, 16:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Autodesk autocad Mechanical
Autodesk autocad Advance Steel Autodesk dwg Trueview Autodesk autocad Civil 3d Autodesk autocad Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk autocad Architecture Autodesk Autodesk autocad Electrical Autodesk autocad Lt |
|
| CPE | cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* |
|
| CWE | CWE-787 | |
| References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021 - Vendor Advisory |
01 Nov 2024, 12:57
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
29 Oct 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-10-29 22:15
Updated : 2024-11-01 16:27
NVD link : CVE-2024-9489
Mitre link : CVE-2024-9489
CVE.ORG link : CVE-2024-9489
JSON object : View
Products Affected
autodesk
- autocad_advance_steel
- autocad_civil_3d
- dwg_trueview
- autocad_mep
- autocad_architecture
- autocad_mechanical
- autocad_electrical
- autocad
- autocad_lt
- autocad_plant_3d