CVE-2024-11454

CWE-4263 documents3 sources
Severity
7.8HIGH
EPSS
0.3%
top 46.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Revit
Timeline
PublishedDec 9

Description

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5autodesk/revit20252025.4
NVDautodesk/revit20252025.4

🔴Vulnerability Details

2
GHSA
GHSA-vfjm-xw35-h45p: A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the2024-12-09
CVEList
Untrusted Search Path vulnerability in Autodesk Revit2024-12-09
CVE-2024-11454 (HIGH CVSS 7.8) | A maliciously crafted DLL file | cvebase.io