CVE-2021-27039 – Autodesk Design Review TIF File Parsing Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27039
A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 • CWE-787: Out-of-bounds Write •
CVE-2021-27032
https://notcve.org/view.php?id=CVE-2021-27032
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service. • https://knowledge.autodesk.com/search-result/caas/downloads/content/autodesk-licensing-service-download.html https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0002 https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0002%3B • CWE-276: Incorrect Default Permissions •
CVE-2021-27031 – Autodesk FBX Review DAE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27031
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DAE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-1069 https://www.zerodayinitiative.com/advisories/ZDI-21-468 • CWE-416: Use After Free •
CVE-2021-27030 – Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27030
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. When handling filenames specified within a ZIP file, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-1070 https://www.zerodayinitiative.com/advisories/ZDI-21-466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-27029 – Autodesk FBX Review FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27029
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-464 • CWE-476: NULL Pointer Dereference •