Autodesk AutoCAD < 2014 Multiple Vulnerabilities

High Nessus Plugin ID 73291


An application on the remote host is affected by multiple vulnerabilities.


The remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities :

- An error exists related to handling FAS files that could allow execution of arbitrary VBScript code.

- An error exists related to dynamic library loading.
The application insecurely looks in the current working directory when resolving DLL dependencies. Attackers may exploit the issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker's arbitrary code can be executed. (CVE-2014-0819)


Upgrade to Autodesk AutoCAD 2014 or later.

See Also

Plugin Details

Severity: High

ID: 73291

File Name: autocad_2014.nasl

Version: $Revision: 1.1 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/01

Modified: 2014/04/01

Dependencies: 73290

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:autodesk:autocad

Required KB Items: SMB/Autodesk AutoCAD/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/03/26

Vulnerability Publication Date: 2014/02/21

Reference Information

CVE: CVE-2014-0818, CVE-2014-0819

BID: 65745, 65749

OSVDB: 103584, 103585