CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 0CVE-2021-27028 – Autodesk FBX Review FBX File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27028
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. Una vulnerabilidad de Corrupción de Memoria en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-465 https://www.zerodayinitiative.com/advisories/ZDI-21-467 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27027 – Autodesk FBX Review FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27027
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. Una vulnerabilidad de Lectura y Escritura Fuera de Límites en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar a una ejecución de código remota a través de archivos DLL diseñados maliciosamente o una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-469 https://www.zerodayinitiative.com/advisories/ZDI-21-470 https://www.zerodayinitiative.com/advisories/ZDI-21-471 https://www.zerodayinitiative.com/advisories/ZDI-21-472 https://www.zerodayinitiative.com/advisories/ZDI-21-473 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7079
https://notcve.org/view.php?id=CVE-2020-7079
An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. Una vulnerabilidad de comprobación de firma inapropiada en Autodesk Dynamo BIM versiones 2.5.1 y 2.5.0, puede conllevar a una ejecución de código por medio de archivos DLL especialmente diseñados maliciosamente. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001 • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7085
https://notcve.org/view.php?id=CVE-2020-7085
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it. Una vulnerabilidad de desbordamiento de pila (heap) en Autodesk FBX-SDK versiones 2019.2 y anteriores, puede conllevar a una ejecución de código arbitraria en un sistema que lo ejecute. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7084
https://notcve.org/view.php?id=CVE-2020-7084
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Una vulnerabilidad de desbordamiento del puntero NULL en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una denegación de servicio de la aplicación. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 • CWE-476: NULL Pointer Dereference •