Autodesk AutoCAD DWG Buffer Overflow

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

An application on the remote host is affected by a buffer overflow
vulnerability.

Description :

The remote host has a version of Autodesk AutoCAD installed that is
potentially affected by an error related to handling DWG files that
could lead to buffer overflows and possibly arbitrary code execution.

See also :

http://blog.binamuse.com/2013/07/autocad-dwg-ac1021-heap-corruption.html
http://www.binamuse.com/advisories/BINA-20130724.txt
http://www.binamuse.com/exploits/BINA-20130724.py
http://www.binamuse.com/papers/ACADR2007Report.pdf
http://www.nessus.org/u?add64eae

Solution :

Apply the patch provided by the vendor. Note that :

- AutoCAD 2011 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2012 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2013 Service Pack 2 is a prerequisite for applying the patch.

- AutoCAD 2014 Service Pack 1 contains the patch.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 73292

Bugtraq ID: 61355

CVE ID: CVE-2013-3665
