Autodesk AutoCAD < 2014 Multiple Vulnerabilities

high Nessus Plugin ID 73291

Synopsis

An application on the remote host is affected by multiple vulnerabilities.

Description

The remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities:

- An error exists related to handling FAS files that could allow execution of arbitrary VBScript code. (CVE-2014-0818)

- An error exists related to dynamic library loading. The application insecurely looks in the current working directory when resolving DLL dependencies. Attackers may exploit the issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker's arbitrary code can be executed. (CVE-2014-0819)

Solution

Upgrade to Autodesk AutoCAD 2014 or later.

See Also

http://jvn.jp/en/jp/JVN43254599/index.html

http://jvn.jp/en/jp/JVN33382534/index.html

Plugin Details

Severity: High

ID: 73291

File Name: autocad_2014.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 4/1/2014

Updated: 12/2/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0818

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:autodesk:autocad

Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk AutoCAD

Exploit Ease: No known exploits are available

Patch Publication Date: 3/26/2013

Vulnerability Publication Date: 2/21/2014

Reference Information

CVE: CVE-2014-0818, CVE-2014-0819