CVE-2021-40161

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

CVSS v3 7.8 HIGH
CVSS v2.0 4.4 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010	Patch Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:autodesk:navisworks::::::::
	cpe:2.3:a:autodesk:navisworks::::::::
	cpe:2.3:a:autodesk:navisworks::::::::
	cpe:2.3:a:autodesk:navisworks::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::

Configuration 5 (hide)

OR	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::

Configuration 6 (hide)

OR	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::

Configuration 7 (hide)

OR	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::

Configuration 9 (hide)

OR	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::

Configuration 10 (hide)

OR	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

Configuration 11 (hide)

OR	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::

Configuration 12 (hide)

OR	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::

Configuration 13 (hide)

OR	cpe:2.3:a:autodesk:autocad::::::macos::*
	cpe:2.3:a:autodesk:autocad:2020:::::macos::
	cpe:2.3:a:autodesk:autocad:2021:::::macos::
	cpe:2.3:a:autodesk:autocad:2022:::::macos::

Configuration 14 (hide)

OR	cpe:2.3:a:autodesk:autocad_lt::::::macos::*
	cpe:2.3:a:autodesk:autocad_lt:2020:::::macos::
	cpe:2.3:a:autodesk:autocad_lt:2021:::::macos::

Configuration 15 (hide)

OR	cpe:2.3:a:autodesk:design_review:2018:-::::::
	cpe:2.3:a:autodesk:design_review:2018:hotfix::::::
	cpe:2.3:a:autodesk:design_review:2018:hotfix2::::::
	cpe:2.3:a:autodesk:design_review:2018:hotfix3::::::
	cpe:2.3:a:autodesk:design_review:2018:hotfix4::::::

History

21 Nov 2024, 06:23

Type	Values Removed	Values Added
References	~~() https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 - Patch, Vendor Advisory~~	() https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 - Patch, Vendor Advisory

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-427~~	CWE-787

05 Jun 2022, 04:03

Type	Values Removed	Values Added
CPE	cpe:2.3:a:autodesk:navisworks:2021:::::::* cpe:2.3:a:autodesk:advance_steel:2021:::::::* cpe:2.3:a:autodesk:navisworks:2020:::::::* cpe:2.3:a:autodesk:autocad_electrical:2019:::::::* cpe:2.3:a:autodesk:autocad_electrical:2022:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2020:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2020:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2020:::::::* cpe:2.3:a:autodesk:autocad_mep:2022:::::::* cpe:2.3:a:autodesk:autocad:2020:::::::* cpe:2.3:a:autodesk:advance_steel:2022:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2022:::::::* cpe:2.3:a:autodesk:autocad_electrical:2020:::::::* cpe:2.3:a:autodesk:revit:2022:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2019:::::::* cpe:2.3:a:autodesk:autocad_architecture:2021:::::::* cpe:2.3:a:autodesk:autocad_mep:2019:::::::* cpe:2.3:a:autodesk:autocad_architecture:2022:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2019:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2021:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2022:::::::* cpe:2.3:a:autodesk:navisworks:2022:::::::* cpe:2.3:a:autodesk:autocad_lt:2019:::::::* cpe:2.3:a:autodesk:advance_steel:2019:::::::* cpe:2.3:a:autodesk:autocad_lt:2020:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2022:::::::* cpe:2.3:a:autodesk:civil_3d:2022:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2021:::::::* cpe:2.3:a:autodesk:civil_3d:2020:::::::* cpe:2.3:a:autodesk:autocad_mep:2020:::::::* cpe:2.3:a:autodesk:autocad:2019:::::::* cpe:2.3:a:autodesk:autocad:2022:::::::* cpe:2.3:a:autodesk:autocad:2021:::::::* cpe:2.3:a:autodesk:autocad_architecture:2020:::::::* cpe:2.3:a:autodesk:navisworks:2019:::::::* cpe:2.3:a:autodesk:revit:2021:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2021:::::::* cpe:2.3:a:autodesk:autocad_lt:2022:::::::* cpe:2.3:a:autodesk:autocad_architecture:2019:::::::* cpe:2.3:a:autodesk:autocad_mep:2021:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2019:::::::* cpe:2.3:a:autodesk:autocad_lt:2021:::::::* cpe:2.3:a:autodesk:revit:2020:::::::* cpe:2.3:a:autodesk:autocad_lt:2022:::::macos:: cpe:2.3:a:autodesk:autocad_electrical:2021:::::::* cpe:2.3:a:autodesk:civil_3d:2019:::::::* cpe:2.3:a:autodesk:civil_3d:2021:::::::* cpe:2.3:a:autodesk:advance_steel:2020:::::::*	cpe:2.3:a:autodesk:autocad_electrical:::::::: cpe:2.3:a:autodesk:design_review:2018:hotfix4:::::: cpe:2.3:a:autodesk:design_review:2018:-:::::: cpe:2.3:a:autodesk:advance_steel:::::::: cpe:2.3:a:autodesk:civil_3d:::::::: cpe:2.3:a:autodesk:design_review:2018:hotfix:::::: cpe:2.3:a:autodesk:autocad:::::::: cpe:2.3:a:autodesk:navisworks:::::::: cpe:2.3:a:autodesk:autocad_lt::::::macos::* cpe:2.3:a:autodesk:autocad_architecture:::::::: cpe:2.3:a:autodesk:autocad::::::macos::* cpe:2.3:a:autodesk:revit:::::::: cpe:2.3:a:autodesk:design_review:2018:hotfix2:::::: cpe:2.3:a:autodesk:autocad_mep:::::::: cpe:2.3:a:autodesk:autocad_plant_3d:::::::: cpe:2.3:a:autodesk:autocad_mechanical:::::::: cpe:2.3:a:autodesk:design_review:2018:hotfix3:::::: cpe:2.3:a:autodesk:autocad_lt:::::::: cpe:2.3:a:autodesk:autocad_map_3d::::::::

18 Apr 2022, 17:15

Type	Values Removed	Values Added
Summary	~~A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version.~~	A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

10 Jan 2022, 18:48

Type	Values Removed	Values Added
CPE	cpe:2.3:a:autodesk:autodesk_civil_3d:2019:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2020:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2021:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2019:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2022:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2021:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2022:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2020:::::::*	cpe:2.3:a:autodesk:civil_3d:2019:::::::* cpe:2.3:a:autodesk:advance_steel:2020:::::::* cpe:2.3:a:autodesk:advance_steel:2022:::::::* cpe:2.3:a:autodesk:advance_steel:2021:::::::* cpe:2.3:a:autodesk:civil_3d:2021:::::::* cpe:2.3:a:autodesk:civil_3d:2022:::::::* cpe:2.3:a:autodesk:civil_3d:2020:::::::* cpe:2.3:a:autodesk:advance_steel:2019:::::::*

04 Jan 2022, 15:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:autodesk:revit:2022:::::::* cpe:2.3:a:autodesk:autocad_mep:2022:::::::* cpe:2.3:a:autodesk:autocad_lt:2020:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2020:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2022:::::::* cpe:2.3:a:autodesk:autocad:2022:::::::* cpe:2.3:a:autodesk:autocad:2019:::::::* cpe:2.3:a:autodesk:autocad_electrical:2021:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2020:::::::* cpe:2.3:a:autodesk:autocad:2021:::::macos:: cpe:2.3:a:autodesk:autocad_lt:2021:::::::* cpe:2.3:a:autodesk:autocad_lt:2020:::::macos:: cpe:2.3:a:autodesk:autocad_architecture:2022:::::::* cpe:2.3:a:autodesk:autocad_electrical:2022:::::::* cpe:2.3:a:autodesk:autocad:2020:::::::* cpe:2.3:a:autodesk:navisworks:2021:::::::* cpe:2.3:a:autodesk:autocad_mep:2021:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2021:::::::* cpe:2.3:a:autodesk:autocad_mep:2019:::::::* cpe:2.3:a:autodesk:autocad_electrical:2020:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2019:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2019:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2019:::::::* cpe:2.3:a:autodesk:revit:2021:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2020:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2021:::::::* cpe:2.3:a:autodesk:autocad_architecture:2021:::::::* cpe:2.3:a:autodesk:navisworks:2020:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2020:::::::* cpe:2.3:a:autodesk:autodesk_civil_3d:2022:::::::* cpe:2.3:a:autodesk:autocad:2022:::::macos:: cpe:2.3:a:autodesk:autocad_lt:2021:::::macos:: cpe:2.3:a:autodesk:autocad_lt:2022:::::::* cpe:2.3:a:autodesk:revit:2020:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2022:::::::* cpe:2.3:a:autodesk:navisworks:2019:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2022:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2020:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2022:::::::* cpe:2.3:a:autodesk:autocad_plant_3d:2021:::::::* cpe:2.3:a:autodesk:autocad:2020:::::macos:: cpe:2.3:a:autodesk:navisworks:2022:::::::* cpe:2.3:a:autodesk:autocad:2021:::::::* cpe:2.3:a:autodesk:autodesk_advance_steel:2019:::::::* cpe:2.3:a:autodesk:autocad_architecture:2019:::::::* cpe:2.3:a:autodesk:autocad_architecture:2020:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2019:::::::* cpe:2.3:a:autodesk:autocad_mechanical:2021:::::::* cpe:2.3:a:autodesk:autocad_lt:2022:::::macos:: cpe:2.3:a:autodesk:autocad_lt:2019:::::::* cpe:2.3:a:autodesk:autocad_mep:2020:::::::* cpe:2.3:a:autodesk:autocad_electrical:2019:::::::* cpe:2.3:a:autodesk:autocad_map_3d:2021:::::::*
References	~~(MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 -~~	(MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.4 v3 : 7.8
CWE		CWE-427

23 Dec 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-23 19:15

Updated : 2024-11-21 06:23

NVD link : CVE-2021-40161

Mitre link : CVE-2021-40161

CVE.ORG link : CVE-2021-40161

JSON object : View

Products Affected

autodesk

autocad_architecture
autocad_map_3d
autocad_mep
autocad
autocad_lt
navisworks
autocad_mechanical
design_review
civil_3d
advance_steel
autocad_plant_3d
autocad_electrical
revit

CWE

CWE-787

Out-of-bounds Write

7.8 /10