Описание (на английском; русское — в БДУ выше)
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Затрагиваемое ПО
Autodesk Autocad map 3dAutodesk Autocad mechanicalAutodesk Autocad mepAutodesk Autocad plant 3dAutodesk Civil 3dAutodesk Advance steelAutodesk AutocadAutodesk Autocad architectureAutodesk Autocad electrical
CVSS
| Балл | 7.8 — высокая |
| Вектор | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Источники
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009