CVE-2019-7364 — Uncontrolled Search Path Element in Advance Steel

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Advance Steel Autodesk Autocad Autodesk Autocad Architecture +8 more

Timeline

PublishedAug 23

Latest updateMay 24

Description

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶NVDautodesk/autocad_plant_3d4 versions+3

▶NVDautodesk/autocad_electrical4 versions+3

▶NVDautodesk/autocad_mechanical4 versions+3

▶NVDautodesk/autocad_architecture4 versions+3

▶NVDautodesk/autocad4 versions+3

Patches

Patch: www.autodesk.com ↗Patch: www.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-68xj-rhqv-3cc9: DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, A↗2022-05-24

▶

CVEList

CVE-2019-7364: DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, A↗2019-08-23

▶