CVE-2024-9500 – Autodesk ADP Desktop SDK Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9500
A maliciously crafted DLL file, when placed in temporary files and folders that are leveraged by the Autodesk Installer, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0023 • CWE-269: Improper Privilege Management
CVE-2024-37008 – Stack-based Overflow Vulnerability in Revit Software
https://notcve.org/view.php?id=CVE-2024-37008
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013 • CWE-121: Stack-based Buffer Overflow
CVE-2024-23139 – Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23139
An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005 • CWE-787: Out-of-bounds Write
CVE-2023-41146
https://notcve.org/view.php?id=CVE-2023-41146
Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020
CVE-2023-41145
https://notcve.org/view.php?id=CVE-2023-41145
Autodesk users who no longer have an active license for an account can still access cases for that account. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0020