CVE-2024-23136

Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

CVSS 7.8 HIGHEPSS 0.4%CWE-822

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Autodesk · Advance Steel Autodesk · AutoCAD Autodesk · AutoCAD Architecture Autodesk · AutoCAD Electrical Autodesk · AutoCAD MAP 3D Autodesk · AutoCAD Mechanical Autodesk · AutoCAD MEP Autodesk · AutoCAD Plant 3D Autodesk · Civil 3D

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002 https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004