Lucene search

[email protected]NVD:CVE-2023-2763

HistoryJul 12, 2023 - 8:15 a.m.

CVE-2023-2763

2023-07-1208:15:10

CWE-416

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

use-after-free

out-of-bounds write

heap-based buffer overflow

solidworks desktop

release 2021

release 2023

arbitrary code execution

dwg

dxf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.5%

JSON

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.

Affected configurations

Nvd

Node

3ds3dexperience_solidworksRange2021–2023

VendorProductVersionCPE
3ds3dexperience_solidworks*cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
3ds	3dexperience_solidworks	*	cpe:2.3:a:3ds:3dexperience_solidworks::::::::

References

www.3ds.com/vulnerability/advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.5%

JSON

Related for NVD:CVE-2023-2763

cve1 zdi4 prion1 cvelist1 vulnrichment1