CVE-2024-23125: Stack-based Buffer Overflow Vulnerability in Autodesk AutoCAD via Maliciously Crafted SLDPRT File

A recently discovered security vulnerability, CVE-2024-23125, demonstrates a stack-based buffer overflow vulnerability in Autodesk AutoCAD, a prominent Computer-Aided Design (CAD) application. This vulnerability occurs when a maliciously-crafted SLDPRT file is parsed using the ODXSW_DLL.dll component in Autodesk AutoCAD. Bad actors can utilize this vulnerability to cause a crash, access sensitive data, or execute arbitrary code in the context of the current process.

Exploit Details

The flaw results from a lack of proper boundary checks when parsing SolidWorks (SLDPRT) files. When Autodesk AutoCAD reads a specifically crafted file, it can lead to a stack-based buffer overflow due to the overflow of data in the buffer. Essentially, this means that an attacker can manipulate the buffer to execute code on the host machine.

Code Snippet

Let's take a brief look at a simple example that demonstrates how this vulnerability can be exploited:

#include <stdio.h>
#include <string.h>

int main() {
   char buffer[100];
   char payload[] = "MALICIOUS_CODE_BUFFER_OVERFLOW_SLDPRT_FILE";

   memcpy(buffer, payload, strlen(payload));

   return ;
}

In this example, the payload contains a malicious code, which could be incorporated in a specifically crafted SLDPRT file. The memcpy function transfers the payload into the buffer without checking the buffer size, leading to a buffer overflow.

Original References: Autodesk Security Advisory

To gain more insight into the security vulnerability, you can review the following security advisory provided by Autodesk:

- Autodesk Security Advisory: CVE-2024-23125

Workarounds and Mitigation

Until a patch for this vulnerability is made available, you can follow the steps below to reduce the risk of exploitation:

1. Always validate the source of SLDPRT files before opening them in Autodesk AutoCAD. Refrain from downloading or opening files from unfamiliar sources.

Disable or block the parsing of SLDPRT files in Autodesk AutoCAD.

3. Implement necessary security measures, such as updating antivirus and firewall rules, to block known malicious IP addresses or domains.

It is essential to stay informed about updates and patches released by Autodesk to address this vulnerability promptly.

Conclusion

CVE-2024-23125 highlights the significance of securing software applications and implementing proper security measures. The vulnerability can have severe consequences for users as it exposes sensitive data and allows arbitrary code execution. It's crucial to be cautious when dealing with SLDPRT files and take necessary precautions until a fix is released by Autodesk. By understanding the nature of the vulnerability and its potential impact, users can take appropriate actions to protect their systems from exploitation.

Timeline

Published on: 02/22/2024 03:15:08 UTC
Last modified on: 02/22/2024 19:07:27 UTC