Lucene search

AutodeskCVE-2024-23139

HistoryMar 18, 2024 - 12:15 a.m.

CVE-2024-23139

2024-03-1800:15:07

CWE-787

autodesk

web.nvd.nist.gov

cve-2024-23139

out-of-bounds write

autodesk fbx review

code execution

information disclosure

actionscript

abc files

flash compiler

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON

An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "FBX Review",
    "vendor": "Autodesk",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.3.0"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.5%

JSON

Related for CVE-2024-23139