Autodesk DWG TrueView Buffer Overflow

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

An application on the remote host is affected by a buffer overflow
vulnerability.

Description :

The remote host has an installation of Autodesk DWG TrueView version
2011, 2012, 2013 or 2014 and is therefore affected by an error in the
handling of DWG files.

The error exists because data in DWG files is not properly
bounds-checked before it is used to index and copy heap memory values.
An attacker could exploit this issue by convincing a user to open a
specially crafted DWG file, which could result in arbitrary code
execution.

See also :

http://blog.binamuse.com/2013/07/autocad-dwg-ac1021-heap-corruption.html
http://www.binamuse.com/advisories/BINA-20130724.txt
http://www.binamuse.com/exploits/BINA-20130724.py
http://www.binamuse.com/papers/ACADR2007Report.pdf
http://www.nessus.org/u?f980a90d
http://www.nessus.org/u?5e641599

Solution :

Upgrade to version 18.1.75.0.0, 18.2.75.0.0, 19.0.75.0.0, 19.1.75.0.0
or later.
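
The fixed builds above are per release branch, so an installed version has to be compared with the fix for its own branch, not with a single threshold. The following is an added example (not the Nessus plugin's code) that triages an inventory this way; the host names and installed versions are constructed, and it assumes versions are reported in the same dotted form as the fixed builds.

```python
# Fixed builds copied from the "Solution" section of this page.
FIXED_BUILDS = ["18.1.75.0.0", "18.2.75.0.0", "19.0.75.0.0", "19.1.75.0.0"]


def parse_version(text):
    """Turn a dotted version string into a tuple of ints, rejecting junk."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def pad(version, length):
    """Right-pad with zeros so 19.0.75 and 19.0.75.0.0 compare equal."""
    return version + (0,) * (length - len(version))


# Index each fixed build by its release branch (major, minor).
FIXED_BY_BRANCH = {parse_version(v)[:2]: parse_version(v) for v in FIXED_BUILDS}


def assess(installed):
    """Return 'vulnerable', 'fixed' or 'unlisted-branch' for one version."""
    version = parse_version(installed)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # Branch not named on this page: report it, do not guess.
        return "unlisted-branch"
    width = max(len(version), len(fixed))
    return "fixed" if pad(version, width) >= pad(fixed, width) else "vulnerable"


def triage(inventory):
    """Map host -> verdict, flagging version strings that cannot be parsed."""
    results = {}
    for host, raw in inventory.items():
        try:
            results[host] = assess(raw)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {"cad-ws-01": "18.1.49.0.0", "cad-ws-02": "18.2.75.0.0",
          "cad-ws-03": "19.0.10.0.0", "cad-ws-04": "19.1.76.0.0",
          "cad-ws-05": "20.0.51.0.0", "cad-ws-06": "unknown"}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {verdict}")
```

Note that 19.0.10.0.0 is reported as vulnerable even though it is numerically higher than the 18.x fixed builds, which a single-threshold comparison would miss.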

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 76308

Bugtraq ID: 61355

CVE ID: CVE-2013-3665
