Lucene search
Michael DePlante (@izobashi) of Trend Micro's Zero Day InitiativeZDI-23-582HistoryMay 12, 2023 - 12:00 a.m.
Autodesk 3DS Max USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability
2023-05-1200:00:00
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
8
vulnerability
remote attackers
sensitive information
user interaction
malicious page
malicious file
usd files
initialization
pointer
arbitrary code
current process
0.001 Low
EPSS
Percentile
27.4%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Related
cve
cve
CVE-2023-25007
2023-05-12 21:15:09
prion
prion
Remote code execution
2023-05-12 21:15:00
cvelist
cvelist
CVE-2023-25007
2023-05-12 00:00:00
nvd
nvd
CVE-2023-25007
2023-05-12 21:15:09