Use-After-Free in Autodesk pskernel.DLL via X_B/X_T files
CVE-2024-37007 Published on June 25, 2024

Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

NVD

Vulnerability Analysis

CVE-2024-37007 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-37007 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2024-37007

Want to know whenever a new CVE is published for AutoDesk products? stack.watch will email you.

AutoDesk Autocad
 
AutoDesk Autocad Architecture
 
AutoDesk Autocad Electrical
 
AutoDesk Autocad Map 3d
 
AutoDesk Autocad Mechanical
 
AutoDesk Autocad Mep
 
AutoDesk Autocad Plant 3d
 
AutoDesk Civil 3d
 
AutoDesk Advance Steel
 

Affected Versions

Autodesk AutoCAD: Autodesk AutoCAD Architecture: Autodesk AutoCAD Electrical: Autodesk AutoCAD Mechanical: Autodesk AutoCAD MEP: Autodesk AutoCAD Plant 3D: Autodesk Civil 3D: Autodesk Advance Steel: Autodesk AutoCAD MAP 3D:

Exploit Probability

EPSS
0.95%
Percentile
76.17%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.