Autodesk Advance Steel vulnerabilities

CVE-2024-23134 [HIGH] CWE-416 CVE-2024-23134: A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-a A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE-2024-23128 [HIGH] CWE-119 CVE-2024-23128: A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

CVE-2024-23131 [HIGH] CWE-119 CVE-2024-23131: A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll o A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

CVE-2024-23135 [HIGH] CWE-416 CVE-2024-23135: A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can b A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE-2024-23124 [HIGH] CWE-787 CVE-2024-23124: A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23127 [HIGH] CWE-122 CVE-2024-23127: A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-23133 [HIGH] CWE-119 CVE-2024-23133: A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lea A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2024-23137 [HIGH] CWE-457 CVE-2024-23137: A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

CVE-2024-23126 [HIGH] CWE-121 CVE-2024-23126: A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-0446 [HIGH] CWE-787 CVE-2024-0446: A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dl A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23136 [HIGH] CWE-822 CVE-2024-23136: A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be u A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVE-2024-23121 [HIGH] CWE-787 CVE-2024-23121: A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force a A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23122 [HIGH] CWE-787 CVE-2024-23122: A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23132 [HIGH] CWE-119 CVE-2024-23132: A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2024-23125 [HIGH] CWE-121 CVE-2024-23125: A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be use A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2024-23123 [HIGH] CWE-787 CVE-2024-23123: A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk A A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2024-23130 [HIGH] CWE-119 CVE-2024-23130: A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applicati A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

CVE-2024-23120 [HIGH] CWE-787 CVE-2024-23120: A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll thro A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2022-27871 [HIGH] CWE-770 CVE-2022-27871: Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

CVE-2022-25788 [HIGH] CWE-787 CVE-2022-25788: A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buf A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.