This is a memory corruption vulnerability that exists in the decoding of Design Web Format (DWF) files in AutoDesk Design Review. More information can be found on the related Fortinet Zero Day Advisory pages by clicking the CVE links, below: CVE-2022-27525 Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.įollowing are some details on these vulnerabilities. Users of Autodesk Navisworks versions 2022.1 and earlier, 2021.2 and earlier, 2020.3 and earlier, 2019.5 and earlier.
Users of Autodesk Design Review versions 2018 Hotfix 4 and earlier.Due to the severity of these vulnerabilities, we suggest users apply the AutoDesk patches as soon as possible. All these vulnerabilities have different root causes pertaining to the decoding of several file formats by the vulnerable AutoDesk products. Last week (the week of March 28, 2022), AutoDesk released several security patches ( 1, 2 & 3 ) which fixed them. Towards the end of 2021, we discovered and reported multiple zero-day vulnerabilities in AutoDesk products: DWG TrueView, Design Review and Navisworks.
0 kommentar(er)
