A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Nov 2023, 15:45
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-787 | |
| CPE | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* |
24 Nov 2023, 15:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-23 04:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-41140
Mitre link : CVE-2023-41140
CVE.ORG link : CVE-2023-41140
JSON object : View
Products Affected
autodesk
- autocad_lt
- autocad_civil_3d
- autocad
- autocad_plant_3d
- autocad_advance_steel
- autocad_map_3d
- autocad_architecture
- autocad_electrical
- autocad_mep
- autocad_mechanical