A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
During parsing of a PRT file by Autodesk AutoCAD, data is written outside the boundaries of the allocated memory buffer (Out-Of-Bounds Write). An attacker can provide a victim with a maliciously crafted PRT file, and opening it in a vulnerable version of the software will trigger a memory write error. The improper write can be exploited to seize control of the process execution flow and execute arbitrary code.
An attacker can cause the application to crash (DoS), read sensitive data from process memory, or execute arbitrary code (RCE) in the context of the current user process.
Patches available from the manufacturer must be applied according to the references — detailed information about patched versions is available at https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018
Autodesk AutoCAD 2023 and 2024 and Autodesk AutoCAD Advance Steel (versions indicated in the manufacturer's references — advisory ADSK-SA-2023-0018)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutodesk Autocad
APPAutodesk< 2024.12023.0.0 – 2023.1.4 (bez)2024.0.0 – 2024.1.1 (bez)Autodesk Autocad Advance Steel
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Architecture
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Civil 3d
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Electrical
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Lt
APPAutodesk< 2023.1.4< 2024.12024.0.0 – 2024.1.1 (bez)Autodesk Autocad Map 3d
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Mechanical
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Mep
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)Autodesk Autocad Plant 3d
APPAutodesk< 2023.1.42024.0.0 – 2024.1.1 (bez)
Related vulnerabilities
Autodesk AutoCAD — uszkodzenie pamięci przy parsowaniu plików 3D (RCE)
Heap-Based Buffer Overflow w Autodesk AutoCAD przy parsowaniu pliku MODEL
Autodesk AutoCAD: Out-Of-Bounds Write przy parsowaniu pliku CATPART
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds ...
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Wr...