Autodesk AutoCAD is a widely used computer-aided design (CAD) and drafting software application developed by Autodesk. Due to its widespread use, vulnerabilities in the software can have significant consequences. Recently, a high-impact vulnerability has been identified in the Autodesk AutoCAD application, which is associated with CVE-2024-23126.

The CVE-2024-23126 vulnerability is a stack-based buffer overflow that occurs in the CC5Dll.dll library when a maliciously crafted CATPART (CATIA 3D object) file is parsed through Autodesk AutoCAD. Attackers can exploit this vulnerability to potentially cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Details

The stack-based buffer overflow in CC5Dll.dll occurs because the length of data read from a CATPART file is never validated. When AutoCAD processes a crafted file, it copies more data into a fixed-size stack buffer than the buffer can hold. The excess overwrites adjacent stack memory (saved registers, the return address and neighbouring locals), which can result in a crash or, with careful control of the overwritten data, arbitrary code execution.

The issue follows the pattern shown in the simplified pseudocode below (an illustration of the logic, not decompiled output from CC5Dll.dll):

#include <stdio.h>

#define BUFFER_SIZE 1024

void ReadDataFromFile(FILE *fp, size_t fileLength, char *buffer);

void ParseCATPartFile(const char *inputFile) {
    char buffer[BUFFER_SIZE];   /* fixed-size stack buffer */
    ...
    /* fileLength is taken from the CATPART file itself, so it is attacker-controlled */
    ReadDataFromFile(fp, fileLength, buffer);
    ...
}

void ReadDataFromFile(FILE *fp, size_t fileLength, char *buffer) {
    ...
    /* No input validation is performed here: fileLength is never compared
       against BUFFER_SIZE, so a larger value overruns the caller's stack buffer */
    fread(buffer, 1, fileLength, fp);
    ...
}

During the handling of a CATPART file, ReadDataFromFile reads fileLength bytes from the file without checking that value against the size of the destination buffer. Because fileLength is parsed from the file itself, a specially crafted CATPART file lets the attacker choose it, and any value larger than the 1024-byte buffer overflows the stack.
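To make the length-check failure concrete, the following added example (written for this page, not code from Autodesk or from CC5Dll.dll) parses a hypothetical length-prefixed record format: a 4-byte little-endian length followed by the payload. The record layout, the function names and the three sample inputs are all constructed assumptions; the real CATPART encoding is not documented here. The unsafe parser mirrors the vulnerable pattern above, and the hardened parser beside it shows the two checks that are missing: the declared length against the destination capacity, and against the bytes actually present in the input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (not the real
 * CATPART encoding): a 4-byte little-endian payload length followed by the
 * payload bytes. The 1024-byte destination mirrors the page's snippet. */
#define HDR_LEN     4
#define RECORD_BUF  1024

enum parse_status {
    PARSE_OK = 0,
    PARSE_SHORT_HEADER,   /* input too small to hold the length field */
    PARSE_TOO_LONG,       /* declared length exceeds the destination buffer */
    PARSE_TRUNCATED       /* declared length exceeds the bytes actually present */
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the length field is trusted and copied blindly.
 * Never feed this untrusted input; it overflows 'out' whenever the
 * declared length exceeds the caller's buffer. */
size_t parse_record_unsafe(const uint8_t *data, size_t n, char *out)
{
    (void)n;                              /* input size is never consulted */
    uint32_t len = read_le32(data);
    memcpy(out, data + HDR_LEN, len);     /* no bound on len */
    return len;
}

/* Hardened version: the declared length is checked against both the
 * destination capacity and the number of bytes actually available. */
enum parse_status parse_record_safe(const uint8_t *data, size_t n,
                                    char *out, size_t outsz, size_t *outlen)
{
    if (n < HDR_LEN)
        return PARSE_SHORT_HEADER;
    uint32_t len = read_le32(data);
    if (len > outsz)
        return PARSE_TOO_LONG;            /* would overflow the destination */
    if (len > n - HDR_LEN)
        return PARSE_TRUNCATED;           /* would read past the input */
    memcpy(out, data + HDR_LEN, len);
    *outlen = len;
    return PARSE_OK;
}

/* Constructed sample inputs (hypothetical, not real CATPART data). */
static const uint8_t benign[]    = { 0x05, 0x00, 0x00, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t oversized[] = { 0xFF, 0xFF, 0xFF, 0x7F, 'A', 'A', 'A', 'A' }; /* declares ~2 GiB */
static const uint8_t truncated[] = { 0x64, 0x00, 0x00, 0x00, 'A', 'A', 'A', 'A' }; /* declares 100, carries 4 */

/* Helpers that run each sample through the hardened parser. */
enum parse_status check_benign_status(void)
{
    char buf[RECORD_BUF]; size_t outlen = 0;
    return parse_record_safe(benign, sizeof benign, buf, sizeof buf, &outlen);
}

size_t check_benign_len(void)
{
    char buf[RECORD_BUF]; size_t outlen = 0;
    if (parse_record_safe(benign, sizeof benign, buf, sizeof buf, &outlen) != PARSE_OK)
        return 0;
    return outlen;
}

enum parse_status check_oversized(void)
{
    char buf[RECORD_BUF]; size_t outlen = 0;
    return parse_record_safe(oversized, sizeof oversized, buf, sizeof buf, &outlen);
}

enum parse_status check_truncated(void)
{
    char buf[RECORD_BUF]; size_t outlen = 0;
    return parse_record_safe(truncated, sizeof truncated, buf, sizeof buf, &outlen);
}

/* The unsafe parser is only ever given the benign record here; feeding it
 * 'oversized' would smash the 1024-byte stack buffer. */
size_t unsafe_benign_len(void)
{
    char buf[RECORD_BUF];
    return parse_record_unsafe(benign, sizeof benign, buf);
}

int main(void)
{
    printf("benign    -> status %d, len %zu\n", check_benign_status(), check_benign_len());
    printf("oversized -> status %d\n", check_oversized());
    printf("truncated -> status %d\n", check_truncated());
    return 0;
}
```

The order of the two checks matters: the destination bound is tested first so that a huge declared length is rejected before any arithmetic on the input size, and the input bound is tested second so that a length that fits the buffer but exceeds the bytes present (a truncated or lying header) is also rejected rather than reading past the end of the input.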

Proof of Concept (PoC)

A proof of concept (PoC) exploit has been provided by an anonymous security researcher to demonstrate the vulnerability. The PoC makes use of a malicious CATPART file with a large fileLength value, which triggers the buffer overflow. The exploitation steps are:

1. Craft a CATPART file whose fileLength value is larger than the 1024-byte buffer.

2. Social engineer a user into downloading and opening the crafted file in Autodesk AutoCAD.

3. When the file is loaded in the application, the buffer overflow occurs, potentially resulting in arbitrary code execution, an application crash, or data leakage.

Mitigation

To mitigate this vulnerability, apply the latest security updates released by Autodesk for AutoCAD. Because the overflow is triggered simply by opening a file, users should also be cautious with CATPART files from untrusted sources: do not open files received from unknown senders, and consider filtering the file type at mail and web gateways until the update has been deployed.

References

- CVE-2024-23126 Details
- Autodesk AutoCAD Security Updates

Conclusion

CVE-2024-23126 is a serious vulnerability in the Autodesk AutoCAD application: improper validation of a length value when processing a CATPART file leads to a stack-based buffer overflow in CC5Dll.dll. Depending on how the overwritten memory is controlled, the result ranges from a crash to data leakage or arbitrary code execution in the context of the AutoCAD process. Applying the latest security updates and practicing caution when opening files from untrusted sources are essential to mitigating the risk posed by this vulnerability.

Timeline

Published on: 02/22/2024 03:15:08 UTC
Last modified on: 03/18/2024 00:15:06 UTC