Описание (на английском; русское — в БДУ выше)
A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Затрагиваемое ПО
Autodesk Autocad map 3dAutodesk Autocad mechanicalAutodesk Autocad mepAutodesk Autocad plant 3dAutodesk Civil 3dAutodesk Advance steelAutodesk AutocadAutodesk Autocad architectureAutodesk Autocad electrical
CVSS
| Балл | 7.8 — высокая |
| Вектор | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Источники
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010