Autodesk has disclosed a critical vulnerability in its AutoCAD software, which could allow malicious actors to execute arbitrary code.
This vulnerability, CVE-2024-7305, identified in the AdDwfPdk.dll component, is triggered when a specially crafted DWF (Design Web Format) file is parsed.
The flaw has been classified as an Out-of-Bounds Write, a vulnerability that can lead to severe security implications for users.
CVE-2024-7305 – DWF Vulnerability
The vulnerability, tracked under the Common Vulnerabilities and Exposures (CVE) system, is a significant concern for Autodesk AutoCAD users.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
It exploits the CWE-787: Out-of-Bounds Write, which occurs when software writes data past the end, or before the beginning, of the intended buffer. This can result in unexpected behavior, including crashes, data corruption, or, in this case, arbitrary code execution.
According to the Common Vulnerability Scoring System (CVSS), the vulnerability has been assigned a score of 7.8, categorizing it as high severity.
The vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates that the attack requires local access and user interaction but does not require elevated privileges.
The potential impact includes high confidentiality, integrity, and availability concerns, making it a critical issue for affected users.
Potential Risks
The primary risk associated with this vulnerability is that a malicious actor could craft a DWF file to exploit the flaw, leading to a crash, unauthorized data access, or execution of arbitrary code.
This could allow attackers to gain control over the affected system, access sensitive information, or disrupt operations.
Autodesk has not yet released a patch for this vulnerability, but users are strongly advised to exercise caution when opening DWF files from untrusted sources.
To mitigate potential risks, it is recommended that additional security measures be implemented, such as using antivirus software and enabling firewalls.
Users should also stay informed about Autodesk updates regarding this vulnerability and apply any patches as soon as they become available.
Regularly updating software and maintaining good cybersecurity hygiene is crucial to protecting against such vulnerabilities. This vulnerability highlights the ongoing challenges in securing complex software systems like Autodesk AutoCAD.
As cyber threats evolve, software developers and users must remain vigilant and proactive in addressing potential security risks.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access