CVE CyberSecurity Database News

CVE-2024-23124 - How a Malicious STP File in ASMIMPORT228A.dll Can Compromise AutoCAD (with Code and Exploit Details)

Poster -

CVE-2024-23124 is a recently discovered vulnerability in Autodesk AutoCAD, relating specifically to how the program processes certain STEP/STP files using the ASMIMPORT228A.dll library. By crafting a malicious STP file designed to exploit this issue, an attacker can cause an out-of-bound write. This vulnerability can let a hacker crash the application, overwrite sensitive data, or even run code on your machine as if they were you.

Why This Is a Big Deal

AutoCAD is widely used in engineering, architecture, and design — often on machines holding valuable blueprints and proprietary data. If an attacker can sneak a poisoned STP file onto such a system (for example, by sending it over email or sharing it over a network), opening that file in AutoCAD could give them direct, silent access to the machine.

The Problem: Out-Of-Bound Write in ASMIMPORT228A.dll

When AutoCAD parses a STEP (.stp) file for import or viewing, it loads and processes the file with the ASMIMPORT228A.dll component. A bug in this process lets a specially crafted file reference memory it shouldn’t — writing data outside the buffer it reserved. That’s an “out-of-bounds write,” the kind of mistake that hackers love.

Demonstrating the Vulnerability

Let’s see a simple example (for educational purposes only) showing how a malformed STP file could look. Real-world exploits will use more elaborate payloads and obfuscation.

Below is a simplified fragment of a STEP/STP file. A typical STEP entity might look like

#10=VERTEX_POINT('',#11);
#11=CARTESIAN_POINT('',(1.,2.,3.));

A malicious file might deliberately use huge indexes or buffer-overflow-inducing parameters, like so

#999999=VERTEX_POINT('',#100000);
#100000=CARTESIAN_POINT('',(1.E+308,2.E+308,3.E+308));

Such extreme or malformed values, especially when nested or repeated thousands of times, can break the parsing logic in the DLL, causing crashes or triggering an out-of-bounds write.

Below is a *conceptual* pseudocode example of what might be going wrong inside ASMIMPORT228A.dll

void parseSTEPFile(char* data) {
    struct Point* points = malloc(100 * sizeof(struct Point)); // Only room for 100 points

    for (int i = ; i < entryCount; i++) {
        int idx = entries[i].index; // e.g., 100000 from the malicious file
        points[idx] = parsePoint(entries[i].data); // Oops! Writes WAY outside the buffer!
    }
}

If idx is much larger than 100, we start writing memory that doesn’t belong to us. An attacker can arrange for their payload to end up somewhere useful — maybe even right on the stack, or in a code area, allowing them to hijack the program.

Real Exploit Scenario

1. The attacker crafts a malicious STP file (as above).

2. The victim opens it in AutoCAD (with a vulnerable version of ASMIMPORT228A.dll).

3. The DLL writes out-of-bounds, corrupting memory.

4. The attacker’s data (maybe a small shellcode, or pointers to system functions) gets executed as part of the application.

5. Now the attacker controls the computer in the context of the user running AutoCAD.

Proof-Of-Concept Exploit Outline

*This doesn't include a full working exploit for ethical reasons, but it gives the basic attack workflow.*

# pseudocode for generating a malicious STEP file
def create_malicious_step(filename):
    with open(filename, "w") as f:
        f.write("#1=VERTEX_POINT('',#2);\n")
        for i in range(10000): # generate a huge amount of data to trigger OOB
            f.write("#{}=CARTESIAN_POINT('',({1}, {2}, {3}));\n".format(100 + i, i*1e308, i*1e308, i*1e308))
create_malicious_step("crash_me.stp")

- NIST National Vulnerability Database - CVE-2024-23124
- Autodesk Security Bulletin for 2024
- STEP File Format Specification (Wikipedia)

Update AutoCAD: Patch as soon as Autodesk releases an update closing this hole!

- Don’t Open Suspicious Files: Never open .stp, .step, or other files from untrusted sources, even if they appear harmless.

Final Thoughts

CVE-2024-23124 shows how something as innocent as a 3D model file can be turned into a hacking weapon. If you use AutoCAD, stay up to date, be careful with the files you open, and keep security practices sharp.

*For more technical info or a patch, always check Autodesk’s official site!*

Timeline

Published on: 02/22/2024 03:15:08 UTC
Last modified on: 08/01/2024 13:47:06 UTC