CVE-2024-1847 - Critical Vulnerabilities in SOLIDWORKS eDrawings File Reading Process

A dangerous set of vulnerabilities, collectively tracked under CVE-2024-1847, have been discovered in the file reading routines of eDrawings included with SOLIDWORKS 2023 up to SOLIDWORKS 2024. These vulnerabilities include Heap-based Buffer Overflow, Stack-based Buffer Overflow, Use-After-Free, Out-Of-Bounds Read/Write, Type Confusion, Memory Corruption, and Uninitialized Variable issues. All are triggered during the parsing of several popular 3D and CAD file formats like CATPART, DWG, DXF, IPT, JT, SAT, SLDPRT, STL, STP, X_B, and X_T.

Simply put: If an attacker tricks a user into opening a booby-trapped model file, eDrawings could end up running their code, potentially compromising the whole computer.

In this article, we’ll break down what these bugs mean, how they can be exploited, and what you (or your IT department) need to do.

What is eDrawings?

eDrawings is the viewer bundled with SOLIDWORKS for opening and examining different 2D/3D computer-aided design (CAD) files. Because it processes so many complex file types, it needs to handle innumerable possible file variations – and that’s where trouble can sneak in.

Access to Sensitive Information

That means malware, ransomware, backdoors – even full takeover.

Under the Hood: How the Exploits Work

Without protected code, parsing these file types uses complex C/C++ routines. Errors like failing to check file sizes, trusting file-provided lengths, or mismanaging pointers can lead to memory bugs.

Let’s look at some example code snippets similar to what’s probably in eDrawings.

Heap-based Buffer Overflow

If a file says a section is 4096 bytes, but the code only allocates 1024, data can overwrite other important stuff on the heap.

// Vulnerable C-style pseudocode
uint32_t length = readLengthFromFile(inputFile);
char *buffer = malloc(1024);
fread(buffer, 1, length, inputFile); // May overrun 'buffer'!

Fix: Always check that data to be read fits the target buffer.

Uninitialized Variable

When code uses a variable whose value was never set.

char buf[256];
if (someCondition) {
    // forgot to initialize buf!
}
processBuffer(buf); // buf contains garbage

This can leak memory contents or cause unpredictable behavior.

Use-After-Free and Out-Of-Bounds Write

char *data = malloc(size);
free(data);
strcpy(data, "attacker control!"); // Use-after-free!

or

char buffer[10];
buffer[20] = 'X';  // Out-of-bounds write

Both can hijack program flow.

Stack-based Buffer Overflow

When the program copies too much data into a stack variable, overwriting return addresses.

void processUserInput(char *input) {
    char buf[64];
    strcpy(buf, input); // Overflow possible!
}

Type Confusion

Reading malformed file data as the wrong type, so the wrong functions/fields are used.

Let’s imagine how a malicious DWG file could exploit a buffer overflow

1. Attacker creates a DWG file whose header claims it contains a 1MB section, but the file actually only writes a few bytes, then puts attack code immediately after.
2. eDrawings allocates a 4KB buffer (supposed max section size), then blindly reads 1MB from the file into it, overflowing the buffer.

The "overflow" data includes rewrite instructions for the app’s return address.

4. When eDrawings returns from reading, it jumps to attacker’s code (payload), letting them run anything.

Proof-of-Concept (PoC) Example

*Note: The exact exploit is proprietary, but here’s a tiny simulation for education only.*

# This python code creates a malformed STL file with a fake large size.
with open('exploit.stl', 'wb') as f:
    f.write(b'...' + b'A'*10000 + b'exploit_code_here')

Who’s Impacted and How Serious Is It?

- SOLIDWORKS 2023/2024 users.

Businesses that exchange design files with suppliers or partners.

Severity: Critical – remote code execution is possible!

Original References

- MITRE CVE Entry
- NIST NVD Tracking
- Dassault Systèmes Security Advisory

DO NOT open files from untrusted sources.

2. Apply official updates from the Dassault Systèmes SOLIDWORKS support page (patches, if available).

Conclusion

CVE-2024-1847 shows how powerful and dangerous file parsing bugs can be, especially in popular design tools like SOLIDWORKS eDrawings. Always stay updated, and remember: A single accidental file click could infect your entire organization.

Stay safe and always verify strange files—even if they look like innocent designs from a supplier!

Timeline

Published on: 02/28/2024 18:15:45 UTC
Last modified on: 02/29/2024 13:49:47 UTC