CVE-2014-0818 — Code Injection in Autocad

CWE-94 — Code Injection CWE-611 — XML External Entity (XXE) Injection CWE-266 — Incorrect Privilege Assignment6 documents6 sources

Severity

7.5HIGHNVD

GHSA5.0

EPSS

0.8%

top 26.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Autocad

Timeline

PublishedFeb 22

Latest updateMay 17

Description

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDautodesk/autocad2013

🔴Vulnerability Details

GHSA

GHSA-cfvc-f59m-r6fr: Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Tr↗2022-05-17

▶

GHSA

Incorrect Privilege Assignment in RESTEasy↗2022-05-14

▶

CVEList

CVE-2014-0818: Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Tr↗2014-02-22

▶

📋Vendor Advisories

Red Hat

RESTEasy: XXE via parameter entities↗2014-07-23

▶