Due to the nature of X_T files, this issue cannot be exploited automatically through email or browsing. Instead, an attacker would have to convince users to open a specially crafted file.
CVE Mitigation There is no known workaround at this time. We will update this advisory as soon as more information becomes available.
On May 20, 2018, a vulnerability was reported in Parasolid V33.1 (All versions V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 V33.1.263), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 V35.0.164), Simcenter Femap V2022.1 (All versions V2022.1.3). The application is vulnerable to a double-free condition due to incorrect input validation in the code that handles parsing X_T files. An attacker could exploit this vulnerability to execute arbitrary code. (ZDI-CAN-19236) On May 15, 2018, a vulnerability was reported in Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.
Vulnerability Description
The vulnerability exists within the handling of X_T file parsing in Parasolid V33.1 (All versions V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 V33.1.263), Parasolid V34.0 (All versions V34.0.252), Parasolid V34.1 (All versions V34.1.242), Parasolid V35.0 (All versions V35.0.161), and Simcenter Femap v2022 on Windows systems with a vulnerable version of the application installed, resulting in a double-free condition due to incorrect input validation in the code that handles parsing X_T files, which could be exploited to execute arbitrary code on affected computers by convincing users to open a specially crafted file with an affected application installed on it.(ZDI-CAN-19236)
Affected Software
Parasolid V33.1 (All versions V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 V33.1.263),
Parasolid V34.0 (All versions V34.0.252),
Parasolid V34.1 (All versions V34.1.242), Parasolid V35
(All versions V35,0,161), Simcenter Femap v2022 1, 2
Timeline
Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:13:00 UTC