Vulnerability CVE-2019-7364


Published: 2019-08-23   Modified: 2019-08-24

Description:
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Type:

CWE-427

(Uncontrolled Search Path Element)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Autodesk -> Advance steel 
Autodesk -> Autocad 
Autodesk -> Autocad architecture 
Autodesk -> Autocad electrical 
Autodesk -> Autocad lt 
Autodesk -> Autocad map 3d 
Autodesk -> Autocad mechanical 
Autodesk -> Autocad mep 
Autodesk -> Autocad p&id 
Autodesk -> Autocad plant 3d 
Autodesk -> Civil 3d 

 References:
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002

Copyright 2021, cxsecurity.com

 

Back to Top