This is a memory corruption vulnerability existing in the decoding of Design Web Format (DWF) files in AutoDesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an out-of-bounds memory write due to an improper bounds check.Īttackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.įortinet released IPS signature for this specific vulnerability to proactively protect our customers. This is a memory corruption vulnerability that exists in the decoding of Design Web Format (DWF) files in AutoDesk Design Review. More information can be found on the related Fortinet Zero Day Advisory pages by clicking the CVE links, below: CVE-2022-27525 Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.įollowing are some details on these vulnerabilities. Users of Autodesk Navisworks versions 2022.1 and earlier, 2021.2 and earlier, 2020.3 and earlier, 2019.5 and earlier.Users of Autodesk Design Review versions 2018 Hotfix 4 and earlier.Due to the severity of these vulnerabilities, we suggest users apply the AutoDesk patches as soon as possible. All these vulnerabilities have different root causes pertaining to the decoding of several file formats by the vulnerable AutoDesk products. Last week (the week of March 28, 2022), AutoDesk released several security patches ( 1, 2 & 3 ) which fixed them. Towards the end of 2021, we discovered and reported multiple zero-day vulnerabilities in AutoDesk products: DWG TrueView, Design Review and Navisworks.
0 kommentar(er)
