Lucene search
Michael DePlante (@izobashi) of Trend Micro's Zero Day InitiativeZDI-23-584HistoryMay 12, 2023 - 12:00 a.m.
Autodesk 3DS Max USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-05-1200:00:00
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
13
autodesk 3ds max
usd file
remote code execution
vulnerability
remote attackers
arbitrary code
user interaction
allocated buffer
current process
EPSS
0.001
Percentile
49.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD files. Crafted data in a USD file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cve
cve
CVE-2023-25009
2023-05-12 21:15:09
cvelist
cvelist
CVE-2023-25009
2023-05-12 00:00:00
nvd
nvd
CVE-2023-25009
2023-05-12 21:15:09
prion
prion
Out-of-bounds
2023-05-12 21:15:00