Vulnerability CVE-2013-3665


Published: 2013-07-18

Description:
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | AutoCAD DWG-AC1021 Memory Corruption | Felipe Manzano | 25.07.2013
Low | AutoCAD 2013 G.55.0.0 Untrusted Search Path | kaito834 | 18.03.2014

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Autodesk
Product: AutoCAD Map 3D
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Architecture
Version: 2014, 2013, 2012, 2011
Product: AutoCAD P&ID
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Electrical
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Utility Design
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Mechanical
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Civil 3D
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Plant 3D
Version: 2014, 2013, 2012, 2011
Product: AutoCAD LT
Version: 2014, 2013, 2012, 2011
Product: DWG TrueView
Version: 2014, 2013, 2012, 2011
Product: AutoCAD
Version: 2014, 2013, 2012, 2011
Product: AutoCAD MEP
Version: 2014, 2013, 2012, 2011
Product: AutoCAD ecscad
Version: 2014, 2013, 2012, 2011
Product: AutoCAD Structural Detailing
Version: 2014, 2013, 2012, 2011

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896&linkID=9240618&siteID=123112
http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf

Related CVE
CVE-2019-7364
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 201...
CVE-2019-7363
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
CVE-2019-7362
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
CVE-2019-7361
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD E...
CVE-2019-7360
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M...
CVE-2019-7359
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD M...
CVE-2019-7358
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Me...
CVE-2016-9307
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

Copyright 2019, cxsecurity.com

 
