CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 0CVE-2021-27030 – Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27030
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. Un usuario puede ser engañado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de Ejecución de Código Remota Salto de Directorio en Review de FBX, causando que se ejecute un código arbitrario en el sistema This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. When handling filenames specified within a ZIP file, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-1070 https://www.zerodayinitiative.com/advisories/ZDI-21-466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27029 – Autodesk FBX Review FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27029
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. Un usuario puede ser engañado para que abra un archivo FBX malicioso que puede explotar una vulnerabilidad de desviación de puntero nulo en la versión de revisión de FBX 1.5.0 y anteriores, lo que provoca el bloqueo de la aplicación y una denegación de servicio. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-464 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 0CVE-2021-27028 – Autodesk FBX Review FBX File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27028
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. Una vulnerabilidad de Corrupción de Memoria en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-465 https://www.zerodayinitiative.com/advisories/ZDI-21-467 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27027 – Autodesk FBX Review FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27027
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. Una vulnerabilidad de Lectura y Escritura Fuera de Límites en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente o una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-469 https://www.zerodayinitiative.com/advisories/ZDI-21-470 https://www.zerodayinitiative.com/advisories/ZDI-21-471 https://www.zerodayinitiative.com/advisories/ZDI-21-472 https://www.zerodayinitiative.com/advisories/ZDI-21-473 • CWE-125: Out-of-bounds Read •