CVE-2022-42945
https://notcve.org/view.php?id=CVE-2022-42945
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0024 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-42946 – Autodesk Maya X_B File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-42946
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Maya. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020 • CWE-125: Out-of-bounds Read •
CVE-2022-42938
https://notcve.org/view.php?id=CVE-2022-42938
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Un archivo TGA diseñado de forma maliciosa cuando es consumido mediante la aplicación DesignReview.exe podría conllevar a una vulnerabilidad de corrupción de memoria. Esta vulnerabilidad, junto con otras, podría conllevar a una ejecución de código en el contexto del proceso actual • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 • CWE-787: Out-of-bounds Write •
CVE-2022-42941
https://notcve.org/view.php?id=CVE-2022-42941
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Un archivo dwf o .pct malicioso diseñado cuando es consumido mediante la aplicación DesignReview.exe podría conllevar a una vulnerabilidad de corrupción de memoria por violación de acceso de lectura. Esta vulnerabilidad, junto con otras, podría conllevar a una ejecución de código en el contexto del proceso actual • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 • CWE-787: Out-of-bounds Write •
CVE-2022-42939
https://notcve.org/view.php?id=CVE-2022-42939
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Un archivo TGA diseñado de forma maliciosa cuando es consumido mediante la aplicación DesignReview.exe podría conllevar a una vulnerabilidad de corrupción de memoria. Esta vulnerabilidad, junto con otras, podría conllevar a una ejecución de código en el contexto del proceso actual • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 • CWE-787: Out-of-bounds Write •