A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Nov 2023, 15:48
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-119 | |
| CPE | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 - Vendor Advisory |
24 Nov 2023, 15:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-23 04:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-41139
Mitre link : CVE-2023-41139
CVE.ORG link : CVE-2023-41139
JSON object : View
Products Affected
autodesk
- autocad_lt
- autocad_civil_3d
- autocad
- autocad_plant_3d
- autocad_advance_steel
- autocad_map_3d
- autocad_architecture
- autocad_electrical
- autocad_mep
- autocad_mechanical