CVE-2019-7361

Published: Apr 9, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.

Affected (11)

Products: Autodesk: Advance Steel, Autocad, Autocad Architecture, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad P&id, Autocad Plant 3d, Civil 3d

11 products

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	Version 2018
Autodesk Autocad	Version 2018
Autodesk Autocad Architecture	Version 2018
Autodesk Autocad Electrical	Version 2018
Autodesk Autocad Lt	Version 2018
Autodesk Autocad Map 3d	Version 2018
Autodesk Autocad Mechanical	Version 2018
Autodesk Autocad Mep	Version 2018
Autodesk Autocad P&id	Version 2018
Autodesk Autocad Plant 3d	Version 2018
Autodesk Civil 3d	Version 2018

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.