Summary
| Detail | |||
|---|---|---|---|
| Vendor | Autodesk | First view | 2013-07-18 |
| Product | Autocad Map 3d | Last view | 2025-04-15 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-04-15 | CVE-2025-1276 | A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-04-15 | CVE-2025-1275 | A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1652 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1651 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1650 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1649 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1433 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1432 | A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1431 | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1430 | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1429 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1428 | A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 7.8 | 2025-03-13 | CVE-2025-1427 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 0 | 2024-08-20 | CVE-2024-7305 | A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-37007 | A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. |
| 0 | 2024-06-25 | CVE-2024-37006 | A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-37005 | A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-37004 | A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. |
| 0 | 2024-06-25 | CVE-2024-37003 | A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-37002 | A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. |
| 0 | 2024-06-25 | CVE-2024-37001 | A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-37000 | A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-36999 | A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| 0 | 2024-06-25 | CVE-2024-23159 | A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. |
| 0 | 2024-06-25 | CVE-2024-23158 | A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 64% (70) | CWE-787 | Out-of-bounds Write |
| 15% (17) | CWE-125 | Out-of-bounds Read |
| 9% (10) | CWE-416 | Use After Free |
| 2% (3) | CWE-755 | Improper Handling of Exceptional Conditions |
| 1% (2) | CWE-190 | Integer Overflow or Wraparound |
| 1% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 0% (1) | CWE-502 | Deserialization of Untrusted Data |
| 0% (1) | CWE-427 | Uncontrolled Search Path Element |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-200 | Information Exposure |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-05 | TRUFFLEHUNTER TALOS-2018-0670 attack attempt RuleID : 47722 - Type : FILE-OTHER - Revision : 2 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2018-0670 attack attempt RuleID : 47721 - Type : FILE-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-06-30 | Name: An application on the remote host is affected by a buffer overflow vulnerabil... File: autodesk_dwg_trueview_overflow.nasl - Type: ACT_GATHER_INFO |
| 2014-04-01 | Name: An application on the remote host is affected by a buffer overflow vulnerabil... File: autocad_dwg_overflow.nasl - Type: ACT_GATHER_INFO |
