The recently discovered CVE-2024-23135 vulnerability lies within the ASMkern228A.dll file of Autodesk AutoCAD, one of the most popular and widely used Computer-Aided Design (CAD) software packages. The exploit starts with a maliciously crafted SolidWorks Part (SLDPRT) file, which triggers a use-after-free vulnerability when parsed by Autodesk AutoCAD. This vulnerability, in conjunction with other vulnerabilities, can result in unauthorized code execution in the current process, posing a significant risk to end users' machines and data.

Description

The crux of the CVE-2024-23135 vulnerability is the improper handling of SLDPRT files by ASMkern228A.dll, a component of Autodesk AutoCAD. When an attacker crafts a malicious SLDPRT file containing a specifically crafted payload and the file is then processed in AutoCAD, the software exhibits a use-after-free condition. This condition allows the attacker to execute unauthorized code on the victim's machine, potentially leading to severe consequences such as data breaches, loss of control over the affected system, or worse.

Code Snippet

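To better understand this vulnerability, let's look at a sample code snippet that sketches how a malicious actor might generate such a file. The payload is left as a placeholder; the snippet only shows the file being written with an .sldprt extension.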

// Malicious SLDPRT file generation
#include <stdio.h>
#include <stdlib.h>

int main() {
    FILE *fp;
    // Specifying the malicious payload
    char payload[] = ".....";
    // Creating the malicious SLDPRT file
    fp = fopen("exploit.sldprt", "wb");
    if (fp == NULL) {
        printf("Error: Unable to create exploit file.\n");
        exit(1);
    }
    // Writing the malicious payload to the file
    fwrite(payload, 1, sizeof(payload) - 1, fp);
    fclose(fp);
}

Exploit Details

1. The attacker first prepares a malicious SLDPRT file, which includes a specifically crafted payload designed to exploit the use-after-free vulnerability in the ASMkern228A.dll module.
2. The targeted user receives this malicious SLDPRT file and processes it using their Autodesk AutoCAD, unaware of its hidden malicious content.
3. The ASMkern228A.dll component processes the malicious SLDPRT file, allowing the attacker's crafted payload to execute unauthorized code in the current process, leading to a security breach.

Resolution

Autodesk is aware of the CVE-2024-23135 vulnerability and is currently working on a patch to fix the issue. It is important for AutoCAD users to stay informed and promptly apply software updates or patches provided by Autodesk. Meanwhile, users should exercise caution when opening SLDPRT files from unknown sources or received through unsolicited emails.
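
The caution about SLDPRT files arriving through unsolicited email can be enforced before the file reaches a workstation. The following triage routine is an added example, not part of the original write-up or any Autodesk tooling; the trusted-domain allowlist, the addresses and the attachment bytes are constructed assumptions.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains your organisation already exchanges CAD files with.
TRUSTED_DOMAINS = {"partner-cad.example"}
RISKY_EXT = ".sldprt"


def triage(raw: bytes) -> list[dict]:
    """Return one finding per SLDPRT attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        # Match on the decoded filename, case-insensitively, ignoring
        # trailing dots/spaces that Windows strips when the file is saved.
        if not name or not name.rstrip(". ").lower().endswith(RISKY_EXT):
            continue
        data = part.get_payload(decode=True) or b""
        findings.append({
            "sender": sender,
            "filename": name,
            "sha256": hashlib.sha256(data).hexdigest(),
            "action": "deliver" if domain in TRUSTED_DOMAINS else "quarantine",
        })
    return findings


def build_sample(from_addr: str, filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = "engineer@corp.example"
    m["Subject"] = "Updated part"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder bytes, not a real part file",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for f in triage(build_sample("Bob <bob@unknown.example>", "bracket.SLDPRT")):
        print(f)
```

The From header is easily forged, so in production the allowlist decision should rest on authenticated results (SPF, DKIM, DMARC) rather than on the header alone.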

Original References

For a comprehensive view of the CVE-2024-23135 vulnerability, you can refer to the following resources:
1. National Vulnerability Database (NVD) – This link provides the official CVE-2024-23135 vulnerability details, including the published and modified dates, CVSS calculator, and basic information.
2. Autodesk Security Advisory – Stay up to date on the latest security advisories related to Autodesk products, including AutoCAD.

Conclusion

The CVE-2024-23135 exploit poses a substantial risk to Autodesk AutoCAD users, as it enables attackers to use maliciously crafted SLDPRT files for gaining unauthorized access and code execution. By being aware of this vulnerability and diligently applying updates, users can mitigate potential security threats and protect critical information. Always remain cautious when processing SLDPRT files and other attachments from untrusted sources, and stay informed about security issues related to the software you use daily.

Timeline

Published on: 02/22/2024 05:15:09 UTC
Last modified on: 03/18/2024 00:15:07 UTC