CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7298 – Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software
https://notcve.org/view.php?id=CVE-2023-7298
09 Dec 2024 — A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2023-0025 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33882 – Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-33882
29 Jul 2022 — Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. Bajo determinadas condiciones, un atacante podría crear una esfera de control no intencionada mediante una vulnerabilidad presente en la operación de eliminación de archivos en la aplicación de escritorio de Autodesk (ADA). Un atacante podría a... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0015 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7365
https://notcve.org/view.php?id=CVE-2019-7365
03 Dec 2019 — DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system. Una vulnerabilidad de precarga de DLL en Autodesk Desktop Application versiones 7.0.16.29 y anteriores. Un atacante puede engañar a un usuario para descargar un archivo DLL malicioso en el directorio de trabajo, que puede entonces aprove... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0004 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 0CVE-2016-2344
https://notcve.org/view.php?id=CVE-2016-2344
28 Mar 2016 — Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. Desbordamiento de buffer basado en pila en manager.exe en Backburner Manager en Autodes... • http://www.kb.cert.org/vuls/id/732760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 3CVE-2009-3576 – Autodesk SoftImage Scene TOC - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2009-3576
24 Nov 2009 — Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. Autodesk Softimage v7.x y Softimage XSI v6.x permite a atacantes remotos ejecutar código JavaScript de su elección a través de un paquete de escena que contiene un archivo Tabla de Contenidos de Escena (como .scntoc) con un elemen... • https://www.exploit-db.com/exploits/10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 1CVE-2009-3578 – Autodesk Maya Script - Nodes Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2009-3578
24 Nov 2009 — Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." Autodesk Maya v8.0, v8.5, v2008, v2009, y v2010 y Alias Wavefront Maya v6.5 y v7.0 permite a atacantes remotos ejecutar código de su elección a través de archvio (1) .ma o (2) .mb que usa comando python de Maya Embedded Language (M... • https://www.exploit-db.com/exploits/10213 • CWE-94: Improper Control of Generation of Code ('Code Injection') •