---
TL;DR: A buffer overflow vulnerability (CVE-2024-23127) was recently discovered in VCRUNTIME140.dll when parsing specially crafted MODEL, SLDPRT, or SLDASM files through Autodesk AutoCAD. An attacker can exploit this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. The following post provides insights into the exploit, sample code snippets, and links to original references.

Introduction

A heap-based buffer overflow vulnerability, tracked as CVE-2024-23127, has been discovered in VCRUNTIME140.dll when parsing maliciously crafted MODEL, SLDPRT, or SLDASM files through Autodesk AutoCAD. This vulnerability allows an attacker to corrupt memory and cause the application to crash. Moreover, a malicious actor can exploit this vulnerability to potentially access sensitive data or execute arbitrary code in the context of the current process.

In computer security, a buffer overflow occurs when a program writes more data to a buffer than the buffer was allocated to hold. The excess data overwrites adjacent memory locations, and an attacker can exploit this to cause unexpected consequences such as crashes, data leakage, or arbitrary code execution.
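The following C example is added here for illustration; it is not code from the original post, from AutoCAD, or from VCRUNTIME140.dll. It shows a file parser that trusts a length field and can write past a heap buffer, next to a version that validates the length before copying. The record layout, `NAME_CAP`, the sample records, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_CAP 64 /* heap buffer size the parser fills (assumed) */

/* Constructed record layout, NOT the real MODEL/SLDPRT/SLDASM format:
   [u32 little-endian length][length bytes of name]. */
static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unsafe pattern: the length field from the file is trusted as-is. */
char *parse_name_unchecked(const unsigned char *in) {
    uint32_t n = read_le32(in);
    char *name = malloc(NAME_CAP);
    if (!name) return NULL;
    memcpy(name, in + 4, n); /* n >= NAME_CAP writes past the heap block */
    name[n] = '\0';
    return name;
}

/* Hardened: reject a truncated header, a length that does not fit the
   destination, and a length larger than the bytes actually present. */
char *parse_name_checked(const unsigned char *in, size_t in_len) {
    if (in == NULL || in_len < 4) return NULL;
    uint32_t n = read_le32(in);
    if (n >= NAME_CAP || n > in_len - 4) return NULL;
    char *name = malloc(NAME_CAP);
    if (!name) return NULL;
    memcpy(name, in + 4, n);
    name[n] = '\0';
    return name;
}

/* Constructed samples: valid, oversized length (1024), truncated payload. */
const unsigned char REC_OK[]    = {3, 0, 0, 0, 'a', 'b', 'c'};
const unsigned char REC_BIG[]   = {0x00, 0x04, 0, 0, 'A', 'A', 'A', 'A'};
const unsigned char REC_SHORT[] = {5, 0, 0, 0, 'a', 'b'};

int main(void) {
    char *ok = parse_name_checked(REC_OK, sizeof REC_OK);
    printf("valid name: %s\n", ok ? ok : "(rejected)");
    printf("oversized rejected: %d\n", !parse_name_checked(REC_BIG, sizeof REC_BIG));
    printf("truncated rejected: %d\n", !parse_name_checked(REC_SHORT, sizeof REC_SHORT));
    free(ok);
    return 0;
}
```

The hardened parser checks the declared length against both the destination capacity and the number of bytes actually supplied, so it rejects a record that would overflow the heap block as well as one that would read past the end of the input.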

Exploit Overview

In the case of CVE-2024-23127, the VCRUNTIME140.dll, a component of AutoCAD, is responsible for handling the parsing of MODEL, SLDPRT, and SLDASM files. The vulnerability is triggered when a maliciously crafted file is parsed, causing a heap-based buffer overflow.

Here is a sample code snippet to demonstrate how a malicious file can be crafted to exploit the vulnerability:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>  // strlen, memset

int main(void) {
    // Create the sample file in binary mode
    FILE *fp = fopen("malicious.sldprt", "wb");
    if (!fp) {
        printf("Error opening the file.\n");
        return -1;
    }

    // Write a specially crafted header that causes the vulnerability to trigger
    // (this is just a sample, not the actual header)
    const char *header = "BAD_HEADER";
    fwrite(header, 1, strlen(header), fp);

    // Add malicious payload designed to cause a heap-based buffer overflow
    char payload[1024];
    memset(payload, 'A', sizeof(payload));
    fwrite(payload, 1, sizeof(payload), fp);

    fclose(fp);
    return 0;
}

When this malicious file is opened in Autodesk AutoCAD, it causes a heap-based buffer overflow in the VCRUNTIME140.dll component. This can result in a crash, data leakage, or, in the worst case, arbitrary code execution.

References

1. AutoCAD Buffer Overflow Vulnerability - CVE-2024-23127 Official Entry
2. Autodesk AutoCAD Product Website
3. VCRUNTIME140.dll Vulnerabilities and Risk Details

Mitigation and Next Steps

Users of Autodesk AutoCAD are advised to keep their software up to date and apply security patches as soon as they become available. The AutoCAD development team is aware of this vulnerability, and they are working on a fix. In the meantime, avoid opening untrusted MODEL, SLDPRT, or SLDASM files. This vulnerability underscores the importance of always validating input data, even from trusted sources.

Stay vigilant and ensure your software is up-to-date with security patches to mitigate the risks associated with this vulnerability.

Timeline

Published on: 02/22/2024 03:15:08 UTC
Last modified on: 03/18/2024 00:15:07 UTC