CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23139 – Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23139
An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Una vulnerabilidad de escritura fuera de los límites en Autodesk FBX Review versión 1.5.3.0 y anteriores puede provocar la ejecución de código o la divulgación de información a través de archivos de código de bytes “ABC” de ActionScript creados con fines malintencionados. Los archivos ABC son creados por el compilador Flash y contienen código ejecutable. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25794 – Autodesk FBX Review ABC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-25794
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Una vulnerabilidad de lectura fuera de los límites en la versión 1.5.2 de Autodesk FBX Review y anteriores puede conducir a la ejecución de código a través de archivos ActionScript Byte Code 'ABC' maliciosamente elaborados o a la divulgación de información. Los archivos ABC son creados por el compilador de Flash y contienen código ejecutable. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27044 – Siemens Solid Edge Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27044
A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. Una vulnerabilidad de escritura fuera de límites en Autodesk FBX Review versión 1.5.0 y anteriores, puede conllevar una ejecución de código mediante archivos DLL maliciosamente diseñados o una divulgación de información This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40157 – Autodesk FBX Review DAE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40157
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system. Un usuario puede ser engañado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de Desreferencia de Puntero no Confiable en FBX Review versión 1.5.0 y anteriores, causando una ejecución de código arbitrario en el sistema This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DAE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27031 – Autodesk FBX Review DAE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27031
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. Un usuario puede ser engañado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de uso de la memoria previamente liberada en Review de FBX, causando que la aplicación haga referencia a una ubicación de memoria controlada por un tercero no autorizado, ejecutando así un código arbitrario en el sistema This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DAE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001 https://www.zerodayinitiative.com/advisories/ZDI-21-1069 https://www.zerodayinitiative.com/advisories/ZDI-21-468 • CWE-416: Use After Free •