Vulnerability CVE-2013-3665


Published: 2013-07-18

Description:
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.

See advisories in our WLB2 database:
Topic
Author
Date
High
AutoCAD DWG-AC1021 Memory Corruption
Felipe Manzano
25.07.2013
Low
AutoCAD 2013 G.55.0.0 Untrusted Search Path
kaito834
18.03.2014

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Autodesk -> Autocad 
Autodesk -> Autocad architecture 
Autodesk -> Autocad civil 3d 
Autodesk -> Autocad ecscad 
Autodesk -> Autocad electrical 
Autodesk -> Autocad lt 
Autodesk -> Autocad map 3d 
Autodesk -> Autocad mechanical 
Autodesk -> Autocad mep 
Autodesk -> Autocad p&id 
Autodesk -> Autocad plant 3d 
Autodesk -> Autocad structural detailing 
Autodesk -> Autocad utility design 
Autodesk -> Dwg trueview 

 References:
http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896&linkID=9240618&siteID=123112
http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf

Copyright 2024, cxsecurity.com

 

Back to Top