Vulnerability CVE-2013-3665


Published: 2013-07-18

Description:
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | AutoCAD DWG-AC1021 Memory Corruption | Felipe Manzano | 25.07.2013
Low | AutoCAD 2013 G.55.0.0 Untrusted Search Path | kaito834 | 18.03.2014

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Autodesk
Product: Autocad map 3d; Versions: 2014, 2013, 2012, 2011
Product: Autocad architecture; Versions: 2014, 2013, 2012, 2011
Product: Autocad p&id; Versions: 2014, 2013, 2012, 2011
Product: Autocad utility design; Versions: 2014, 2013, 2012, 2011
Product: Autocad electrical; Versions: 2014, 2013, 2012, 2011
Product: Autocad mechanical; Versions: 2014, 2013, 2012, 2011
Product: Autocad civil 3d; Versions: 2014, 2013, 2012, 2011
Product: Autocad plant 3d; Versions: 2014, 2013, 2012, 2011
Product: Dwg trueview; Versions: 2014, 2013, 2012, 2011
Product: Autocad lt; Versions: 2014, 2013, 2012, 2011
Product: Autocad; Versions: 2014, 2013, 2012, 2011
Product: Autocad mep; Versions: 2014, 2013, 2012, 2011
Product: Autocad ecscad; Versions: 2014, 2013, 2012, 2011
Product: Autocad structural detailing; Versions: 2014, 2013, 2012, 2011

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

 References:
http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896&linkID=9240618&siteID=123112
http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf

Related CVE
CVE-2019-7361
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD E...
CVE-2019-7360
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M...
CVE-2019-7359
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M...
CVE-2019-7358
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Me...
CVE-2016-9307
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
CVE-2016-9304
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
CVE-2016-9305
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
CVE-2016-9306
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.

Copyright 2019, cxsecurity.com

 
