In this long read, we take a close look at a recently discovered memory corruption vulnerability in Autodesk AutoCAD, tracked as CVE-2024-23130. The vulnerability occurs when Autodesk AutoCAD parses a maliciously crafted SLDASM or SLDPRT file in ODXSW_DLL.dll, resulting in a write access violation. To understand its impact and how it could be exploited, we need to analyze it carefully and explore the risks it carries.

Autodesk AutoCAD is a computer-aided design (CAD) application used by architects, engineers, and construction professionals to create precise 2D and 3D drawings. Because it is so widely used, it is essential to identify and promptly address any vulnerability that poses a threat to its millions of users worldwide.

Memory Corruption Vulnerability

The memory corruption vulnerability (CVE-2024-23130) arises as a result of a write access violation occurring when Autodesk AutoCAD handles a maliciously crafted SLDASM or SLDPRT file in ODXSW_DLL.dll. This vulnerability, when combined with other vulnerabilities, can potentially lead to code execution in the context of the current process.

Here is a simple code snippet demonstrating this vulnerability:

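#include <cstdint>
#include <exception>
#include <fstream>
#include <iostream>
#include <stdexcept>

int main(int argc, char *argv[]) {
    if (argc < 2) {
        std::cerr << "Usage: " << argv[0] << " <SLDASM or SLDPRT file>" << std::endl;
        return 1;
    }

    try {
        std::ifstream file(argv[1], std::ios::in | std::ios::binary);
        if (!file) {
            throw std::runtime_error("Failed to open file");
        }

        // ... parse content of SLDASM or SLDPRT file ...

        // Assumption for illustration: the size comes from a length field in
        // the file and is used as-is, with no validation.
        std::uint32_t number_of_bytes = 0;
        file.read(reinterpret_cast<char *>(&number_of_bytes), sizeof(number_of_bytes));

        // Vulnerable operation: a size taken from the file drives the
        // allocation and the read without any bounds check
        char *buffer = new char[number_of_bytes];
        file.read(buffer, number_of_bytes);
        delete[] buffer;

    } catch (const std::exception &e) {
        std::cerr << "Error: " << e.what() << std::endl;
        return 1;
    }

    return 0;
}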
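For contrast with the snippet above, here is a bounds-checked reader, added as an example; it is not Autodesk's code or the actual fix for CVE-2024-23130. The record layout (a 4-byte little-endian length followed by the payload), the names read_record and kMaxRecord, and the sample inputs are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Hypothetical record layout, assumed for this example only:
// a 4-byte little-endian length followed by that many payload bytes.
constexpr std::size_t kMaxRecord = 1u << 20;  // assumed per-record cap (1 MiB)

// Copies one record into `payload` and advances `offset`. Returns false,
// leaving `offset` untouched, when the length field cannot be trusted.
bool read_record(const std::vector<std::uint8_t>& data, std::size_t& offset,
                 std::vector<std::uint8_t>& payload) {
    if (offset > data.size() || data.size() - offset < 4) return false;  // truncated header
    std::uint32_t len = 0;
    for (int i = 0; i < 4; ++i)
        len |= static_cast<std::uint32_t>(data[offset + i]) << (8 * i);
    const std::size_t remaining = data.size() - offset - 4;
    // Validate the untrusted length before any allocation or copy.
    if (len > kMaxRecord || len > remaining) return false;
    const auto first = data.begin() + static_cast<std::ptrdiff_t>(offset + 4);
    payload.assign(first, first + static_cast<std::ptrdiff_t>(len));
    offset += 4 + len;
    return true;
}

// Constructed sample inputs (not real SLDASM/SLDPRT content).
std::vector<std::uint8_t> sample_valid()     { return {3, 0, 0, 0, 'a', 'b', 'c'}; }
std::vector<std::uint8_t> sample_oversized() { return {0xFF, 0xFF, 0xFF, 0x7F, 'a'}; }
std::vector<std::uint8_t> sample_truncated() { return {5, 0, 0, 0, 'a', 'b'}; }

int main() {
    for (const auto& input : {sample_valid(), sample_oversized(), sample_truncated()}) {
        std::size_t offset = 0;
        std::vector<std::uint8_t> payload;
        if (read_record(input, offset, payload))
            std::cout << "accepted " << payload.size() << " bytes\n";
        else
            std::cout << "rejected: length field not backed by input\n";
    }
    return 0;
}
```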

The vulnerability, CVE-2024-23130, was disclosed in several sources, including:

1. NVD - CVE-2024-23130
2. Autodesk's Security Advisory
3. MITRE's CVE List

To fully exploit the vulnerability (CVE-2024-23130), an attacker can follow these steps:

1. Craft malicious SLDASM or SLDPRT files containing specially designed data to trigger the write access violation.
2. Persuade the victim to open the malicious files using Autodesk AutoCAD software.
3. Once the victim opens the files, the write access violation will cause memory corruption in the ODXSW_DLL.dll.
4. Combining this vulnerability with other known vulnerabilities, the attacker can execute code within the context of the current process, potentially compromising the victim's system.

Fortunately, Autodesk has released a security patch to address this vulnerability. It is crucial for users running Autodesk AutoCAD software to apply the patch immediately.

Conclusion

Identifying and addressing memory corruption vulnerabilities like CVE-2024-23130 is vital in maintaining the security of widely used software like Autodesk AutoCAD. Developers and users must remain vigilant in discovering and patching these flaws, ensuring safe and secure operation for professionals worldwide.

To protect yourself from falling victim to such attacks, keep your software up to date, apply security patches as soon as they are available, and exercise caution when opening files from unknown sources.

Timeline

Published on: 02/22/2024 04:15:08 UTC
Last modified on: 03/18/2024 00:15:07 UTC