CVE-2016-9304
https://notcve.org/view.php?id=CVE-2016-9304
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. • http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 http://www.securityfocus.com/bid/95799 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-9305
https://notcve.org/view.php?id=CVE-2016-9305
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. • http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 http://www.securityfocus.com/bid/95803 • CWE-19: Data Processing Errors
CVE-2016-9307
https://notcve.org/view.php?id=CVE-2016-9307
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. • http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 http://www.securityfocus.com/bid/95802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2344
https://notcve.org/view.php?id=CVE-2016-2344
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. • http://www.kb.cert.org/vuls/id/732760 http://www.securitytracker.com/id/1035426 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8571 – Autodesk Design Review BMP biClrUsed Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8571
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of BMP files. The issue lies in the failure to test for an integer overflow when multiplying the biClrUsed value by four. • http://www.securityfocus.com/bid/79800 http://www.zerodayinitiative.com/advisories/ZDI-15-617 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-189: Numeric Errors