CVE-2024-23124 is a recently discovered vulnerability in Autodesk AutoCAD, relating specifically to how the program processes certain STEP/STP files using the ASMIMPORT228A.dll library. By crafting a malicious STP file designed to exploit this issue, an attacker can cause an out-of-bound write. This vulnerability can let a hacker crash the application, overwrite sensitive data, or even run code on your machine as if they were you.
Why This Is a Big Deal
AutoCAD is widely used in engineering, architecture, and design — often on machines holding valuable blueprints and proprietary data. If an attacker can sneak a poisoned STP file onto such a system (for example, by sending it over email or sharing it over a network), opening that file in AutoCAD could give them direct, silent access to the machine.
The Problem: Out-Of-Bound Write in ASMIMPORT228A.dll
When AutoCAD parses a STEP (.stp) file for import or viewing, it loads and processes the file with the ASMIMPORT228A.dll component. A bug in this process lets a specially crafted file reference memory it shouldn’t — writing data outside the buffer it reserved. That’s an “out-of-bounds write,” the kind of mistake that hackers love.
Demonstrating the Vulnerability
Let’s see a simple example (for educational purposes only) showing how a malformed STP file could look. Real-world exploits will use more elaborate payloads and obfuscation.
Below is a simplified fragment of a STEP/STP file. A typical STEP entity might look like
#10=VERTEX_POINT('',#11);
#11=CARTESIAN_POINT('',(1.,2.,3.));
A malicious file might deliberately use huge indexes or buffer-overflow-inducing parameters, like so
#999999=VERTEX_POINT('',#100000);
#100000=CARTESIAN_POINT('',(1.E+308,2.E+308,3.E+308));
Such extreme or malformed values, especially when nested or repeated thousands of times, can break the parsing logic in the DLL, causing crashes or triggering an out-of-bounds write.
Below is a *conceptual* pseudocode example of what might be going wrong inside ASMIMPORT228A.dll
void parseSTEPFile(char* data) {
struct Point* points = malloc(100 * sizeof(struct Point)); // Only room for 100 points
for (int i = ; i < entryCount; i++) {
int idx = entries[i].index; // e.g., 100000 from the malicious file
points[idx] = parsePoint(entries[i].data); // Oops! Writes WAY outside the buffer!
}
}
If idx is much larger than 100, we start writing memory that doesn’t belong to us. An attacker can arrange for their payload to end up somewhere useful — maybe even right on the stack, or in a code area, allowing them to hijack the program.
Real Exploit Scenario
1. The attacker crafts a malicious STP file (as above).
2. The victim opens it in AutoCAD (with a vulnerable version of ASMIMPORT228A.dll).
3. The DLL writes out-of-bounds, corrupting memory.
4. The attacker’s data (maybe a small shellcode, or pointers to system functions) gets executed as part of the application.
5. Now the attacker controls the computer in the context of the user running AutoCAD.
Proof-Of-Concept Exploit Outline
*This doesn't include a full working exploit for ethical reasons, but it gives the basic attack workflow.*
# pseudocode for generating a malicious STEP file
def create_malicious_step(filename):
with open(filename, "w") as f:
f.write("#1=VERTEX_POINT('',#2);\n")
for i in range(10000): # generate a huge amount of data to trigger OOB
f.write("#{}=CARTESIAN_POINT('',({1}, {2}, {3}));\n".format(100 + i, i*1e308, i*1e308, i*1e308))
create_malicious_step("crash_me.stp")
Links and References
- NIST National Vulnerability Database - CVE-2024-23124
- Autodesk Security Bulletin for 2024
- STEP File Format Specification (Wikipedia)
Update AutoCAD: Patch as soon as Autodesk releases an update closing this hole!
- Don’t Open Suspicious Files: Never open .stp, .step, or other files from untrusted sources, even if they appear harmless.
Final Thoughts
CVE-2024-23124 shows how something as innocent as a 3D model file can be turned into a hacking weapon. If you use AutoCAD, stay up to date, be careful with the files you open, and keep security practices sharp.
*For more technical info or a patch, always check Autodesk’s official site!*
Timeline
Published on: 02/22/2024 03:15:08 UTC
Last modified on: 08/01/2024 13:47:06 UTC