Autodesk AutoCAD < 2014 Multiple Vulnerabilities
High Nessus Plugin ID 73291
SynopsisAn application on the remote host is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to handling FAS files that could allow execution of arbitrary VBScript code.
- An error exists related to dynamic library loading.
The application insecurely looks in the current working directory when resolving DLL dependencies. Attackers may exploit the issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker's arbitrary code can be executed. (CVE-2014-0819)
SolutionUpgrade to Autodesk AutoCAD 2014 or later.