An attacker could leverage this vulnerability to execute arbitrary code in the context of the affected system. This vulnerability can be exploited remotely by uploading a malicious DWG2SPD file to the victim’s system, for example via a phishing email or a malicious website.

CVE-2018-5383: Memory Corruption Vulnerability in Autodesk DWG2SPD Application

An attacker could leverage a memory corruption vulnerability in the Autodesk DWG2SPD application to execute arbitrary code on the affected system in a remote attack. This code could be used to capture credentials, monitor user activities, or perform other malicious activities.

Impact: An attacker could exploit these vulnerabilities to execute arbitrary code in the context of the current process.

CVE-2018-5385: Code Execution in Autodesk DWG2SPD Application

An attacker could exploit one of these vulnerabilities to execute arbitrary code in a remote attack.
Severity: An attacker with low skill could exploit these vulnerabilities to obtain remote code execution.

Exploitable: These vulnerabilities are publicly exploitable.

CVE-2018-5381: Improper Restriction of Special Elements used in a Remote Code Execution

An attacker could leverage a remote code execution vulnerability to obtain remote code execution.
Affected version: Autodesk DWG2SPD versions prior to 2018.5
Patched version: Autodesk DWG2SPD version 2018.5

Important Tips to Stay Safe While Using Autodesk DWG2SPD

* Be sure to always keep your software up to date.
* If your organization has users of Autodesk DWG2SPD, provide proper training to avoid unintentional exploitation of these vulnerabilities.
* There is also a risk of data leakage if the attacker is able to exploit this vulnerability and obtain access to your network shares.

Affected Product

Autodesk DWG2SPD
Versions prior to 2018.5

Specification of vulnerable components

The vulnerable component is the Autodesk DWG2SPD application.
Affected versions: Autodesk DWG2SPD versions prior to 2018.5
Patched versions: Autodesk DWG2SPD version 2018.5

Timeline

Published on: 10/03/2022 15:15:00 UTC
Last modified on: 10/05/2022 19:12:00 UTC

References