In this deep dive, we will analyze a recently discovered memory corruption vulnerability affecting the Autodesk AutoCAD software suite (CVE-2024-23129). A specially crafted 3D model file, in 3DM, STP, or SLDASM format, could allow an attacker to cause memory corruption through a write access violation when it is parsed by Autodesk's opennurbs.dll library. When combined with other vulnerabilities, this specific vulnerability can potentially lead to code execution in the context of the current process. As a result, a threat actor with local access to an affected system could compromise the integrity of the software and its associated data, obtaining unauthorized control and access.

_Potential Impact_: Code Execution

The vulnerability is triggered by parsing a maliciously crafted 3D model file through the opennurbs.dll library. This library is typically responsible for handling and rendering 3D model files within Autodesk AutoCAD. When the crafted file is loaded into AutoCAD, the library incorrectly handles certain memory operations, resulting in a write access violation and possible memory corruption. Further exploitation of this vulnerability alongside others could lead to arbitrary code execution.

Code Snippet

Let's examine a code snippet that demonstrates this vulnerability. Assume the following parse_model_file() function, which is part of opennurbs.dll, is called to parse a 3D model file:

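void parse_model_file(const char* file_path) {
    // Model3D is a stand-in type for this high-level illustration.
    Model3D* model = new Model3D();
    // load() reads the contents of the untrusted model file.
    if (model->load(file_path)) {
        // process() is where the write access violation is triggered.
        model->process();
    }
    delete model;
}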

An attacker could craft a 3D model file (in 3DM, STP, or SLDASM format) that causes the model->process() function to trigger memory corruption, which in turn could execute malicious code on the victim's system. This code snippet only provides a high-level illustration of the vulnerability, and actual exploitation would require a more detailed understanding of the opennurbs.dll library's internal mechanics.

Mitigation and Recommendations

Autodesk has released a patch to address this vulnerability. Users are advised to update their AutoCAD software to the latest version available. Additionally, extra caution should be exercised when opening 3D model files from untrusted sources.
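To apply the "untrusted sources" advice until the patch is deployed, the following added example (not Autodesk code and not part of the original article) walks a folder of received files and lists those that are 3DM, STP, or SLDASM by extension or by leading bytes, so they can be held back. The function names, the sample file names, and the extension-only handling of SLDASM are assumptions of this sketch.

```python
import tempfile
from pathlib import Path

# Formats the article names as reaching opennurbs.dll, keyed by file extension.
EXTENSIONS = {".3dm": "3DM", ".stp": "STP", ".step": "STP", ".sldasm": "SLDASM"}
# Leading bytes of an openNURBS archive and of an ISO 10303-21 (STEP) file.
# SLDASM is matched by extension only: an assumption of this sketch.
SIGNATURES = {b"3D Geometry File Format ": "3DM", b"ISO-10303-21;": "STP"}


def sniff(head: bytes):
    """Return the format suggested by a file's first bytes, or None."""
    for magic, fmt in SIGNATURES.items():
        if head.lstrip().startswith(magic):
            return fmt
    return None


def triage(root):
    """Return sorted (relative_path, format, note) for model files under root."""
    held = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        by_ext = EXTENSIONS.get(path.suffix.lower())
        with path.open("rb") as fh:
            by_content = sniff(fh.read(64))
        if by_content is None and by_ext is None:
            continue  # not one of the three formats
        # "mismatch" means the content and the extension disagree.
        note = ("extension only" if by_content is None
                else "match" if by_content == by_ext else "mismatch")
        held.append((path.relative_to(root).as_posix(), by_content or by_ext, note))
    return sorted(held)


def demo():
    """Triage a constructed sample folder (all file contents are made up)."""
    samples = {
        "bracket.3dm": b"3D Geometry File Format        5\n",
        "housing.stp": b"ISO-10303-21;\nHEADER;\n",
        "notes.txt": b"3D Geometry File Format        4\n",
        "rig.SLDASM": b"constructed placeholder bytes",
        "readme.md": b"# no model data here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return triage(root)
```

Calling triage() on a download or mail-attachment folder returns the files to keep out of AutoCAD until the update is installed; rows marked "mismatch" deserve a closer look because the extension does not describe the content.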

For more information on the vulnerability, refer to the following resources:

- Autodesk Security Advisory
- CVE Database Entry
- National Vulnerability Database (NVD) Entry

Conclusion

CVE-2024-23129 is a memory corruption vulnerability in Autodesk AutoCAD that can be exploited using a maliciously crafted 3D model file. It is essential for users to keep their AutoCAD software updated to the latest version and exercise caution when opening 3D model files from untrusted sources. By being aware of these vulnerabilities and taking the appropriate steps to protect yourself, you can reduce the risk of exploitation and maintain the safety and integrity of your software and data.

Timeline

Published on: 02/22/2024 04:15:08 UTC
Last modified on: 03/18/2024 00:15:07 UTC