ZDI-23-121: Open Design Alliance (ODA) Drawing SDK DWG File Parsing Memory Corruption Remote Code Execution Vulnerability | allinfosecnews.com

Feb. 9, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

alliance arbitrary code attackers code code execution corruption design drawing dwg exploit file malicious memory memory corruption page parsing remote code remote code execution sdk target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-440: Delta Electronics InfraSuite Device Master ActiveMQ Deserialization of Untrusted Data Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

activemq arbitrary code attackers authentication +20

ZDI-24-441: Delta Electronics CNCSoft-B DOPSoft Uncontrolled Search Path Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 14 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Technical Support Engineer - Cyber Security

@ Microsoft | Taipei, Taipei City, Taiwan

View on infosec-jobs.com

Senior Security Engineer

@ Workato | Barcelona, Spain

View on infosec-jobs.com

Regional Cybersecurity Specialist

@ Bayer | Singapore, Singapore, SG

View on infosec-jobs.com

Cyber Security Network Engineer

@ Nine | North Sydney, Australia

View on infosec-jobs.com

Professional, IAM Security

@ Ingram Micro | Manila Shared Services Center

View on infosec-jobs.com

Principal Windows Threat & Detection Security Researcher (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com