CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27029 – Autodesk FBX Review FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27029
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. Un usuario puede ser engañado para que abra un archivo FBX malicioso que puede explotar una vulnerabilidad de desviación de puntero nulo en la versión de revisión de FBX 1.5.0 y anteriores, lo que provoca el bloqueo de la aplicación y una denegación de servicio. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-464 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 0CVE-2021-27028 – Autodesk FBX Review FBX File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27028
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. Una vulnerabilidad de Corrupción de Memoria en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-465 https://www.zerodayinitiative.com/advisories/ZDI-21-467 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27027 – Autodesk FBX Review FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27027
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. Una vulnerabilidad de Lectura y Escritura Fuera de Límites en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente o una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-469 https://www.zerodayinitiative.com/advisories/ZDI-21-470 https://www.zerodayinitiative.com/advisories/ZDI-21-471 https://www.zerodayinitiative.com/advisories/ZDI-21-472 https://www.zerodayinitiative.com/advisories/ZDI-21-473 • CWE-125: Out-of-bounds Read •