SolidWorks 资源管理错误漏洞

SolidWorks is a 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks versions 2021 through 2023, which stems from a post-release reuse, out-of-bounds write, and heap-based buffer overflow vulnerability during file reads that...

Dassault Systèmes SolidWorks SLDPRT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2023-21267 · Dassault Systèmes · Solidworks

Name of the Vulnerable Software and Affected Versions: SOLIDWORKS Desktop versions Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023 Description: The issue exists in the DWG and DXF file reading procedure, allowing an attacker to execute arbitrary code while opening a specially crafted file...

SolidWorks 资源管理错误漏洞

SolidWorks is a 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks versions 2021 through 2023, which stems from the presence of a post-release reuse vulnerability during file reading that could allow an attacker to execute...

Dassault Systèmes SolidWorks DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Dassault Systèmes SolidWorks DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Dassault Systèmes SolidWorks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes SolidWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2022-39806

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing .slddrw, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39807

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing .sldasm, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the us...

CVE-2022-39807

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing .sldasm, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the us...

CVE-2022-39806

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing .slddrw, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39807

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing .sldasm, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the us...

CVE-2022-39804

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part .sldprt, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39804

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part .sldprt, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39806

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing .slddrw, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39804

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part .sldprt, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

Code injection

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing .sldasm, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the us...

Stack overflow

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing .slddrw, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

Stack overflow

Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part .sldprt, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

CVE-2022-39806

Summary of CVE-2022-39806 : The vulnerability affects SAP 3D Visual Enterprise Author (version 9) and specifically the parsing/handling of SolidWorks Drawing files (.slddrw) via CoreCadTranslator.exe. Root cause: improper memory management leading to a stack-based overflow or reuse of a dangling ...