Autodesk AutoCAD DWG Buffer Overflow

medium Nessus Plugin ID 73292

Synopsis

An application on the remote host is affected by a buffer overflow vulnerability.

Description

The remote host has a version of Autodesk AutoCAD installed that is potentially affected by an error related to handling DWG files that could lead to buffer overflows and possibly arbitrary code execution.

Solution

Apply the patch provided by the vendor. Note that:

- AutoCAD 2011 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2012 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2013 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2014 Service Pack 1 contains the patch.

See Also

https://vulners.com/binamuse/BINAMUSE:F12A08815586EE7A519144C52DC893AF

http://www.nessus.org/u?9dc441c9

Plugin Details

Severity: Medium

ID: 73292

File Name: autocad_dwg_overflow.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 4/1/2014

Updated: 12/2/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-3665

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:autodesk:autocad, cpe:/a:autodesk:autocad_architecture, cpe:/a:autodesk:autocad_civil_3d, cpe:/a:autodesk:autocad_ecscad, cpe:/a:autodesk:autocad_electrical, cpe:/a:autodesk:autocad_lt, cpe:/a:autodesk:autocad_map_3d, cpe:/a:autodesk:autocad_mechanical, cpe:/a:autodesk:autocad_mep, cpe:/a:autodesk:autocad_p%26id, cpe:/a:autodesk:autocad_plant_3d, cpe:/a:autodesk:autocad_structural_detailing, cpe:/a:autodesk:autocad_utility_design

Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk AutoCAD

Exploit Ease: No known exploits are available

Patch Publication Date: 7/10/2013

Vulnerability Publication Date: 6/27/2013

Reference Information

CVE: CVE-2013-3665