Autodesk AutoCAD DWG Buffer Overflow

Medium Nessus Plugin ID 73292


An application on the remote host is affected by a buffer overflow vulnerability.


The remote host has a version of Autodesk AutoCAD installed that is potentially affected by an error related to handling DWG files that could lead to buffer overflows and possibly arbitrary code execution.


Apply the patch provided by the vendor. Note that :

- AutoCAD 2011 Service Pack 2 is a pre-requisite to apply the patch.

- AutoCAD 2012 Service Pack 2 is a pre-requisite to apply the patch.

- AutoCAD 2013 Service Pack 2 is a pre-requisite to apply the patch.

- AutoCAD 2014 Service Pack 1 contains the patch.

See Also

Plugin Details

Severity: Medium

ID: 73292

File Name: autocad_dwg_overflow.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/01

Modified: 2014/05/05

Dependencies: 73290

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:autodesk:autocad, cpe:/a:autodesk:autocad_architecture, cpe:/a:autodesk:autocad_civil_3d, cpe:/a:autodesk:autocad_ecscad, cpe:/a:autodesk:autocad_electrical, cpe:/a:autodesk:autocad_lt, cpe:/a:autodesk:autocad_map_3d, cpe:/a:autodesk:autocad_mechanical, cpe:/a:autodesk:autocad_mep, cpe:/a:autodesk:autocad_p%26id, cpe:/a:autodesk:autocad_plant_3d, cpe:/a:autodesk:autocad_structural_detailing, cpe:/a:autodesk:autocad_utility_design

Required KB Items: SMB/Autodesk AutoCAD/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/07/10

Vulnerability Publication Date: 2013/06/27

Reference Information

CVE: CVE-2013-3665

BID: 61355

OSVDB: 95384