ZDI-24-296: Autodesk DWG TrueView DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | allinfosecnews.com

March 27, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23138.

arbitrary code attackers autodesk buffer buffer overflow code code execution cvss dwg exploit file malicious overflow page parsing rating remote code remote code execution stack target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

attacker attackers avira code +20

ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attack attackers attack vectors +21

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 18 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France

View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom

View on infosec-jobs.com