← Back

CVE-2019-7364

nvd nist
Published: Aug 23, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Affected (41)

Autodesk
11 products
Advance Steel
Autocad
Autocad Architecture
Autocad Electrical
Autocad Lt
Autocad Map 3d
Autocad Mechanical
Autocad Mep
Autocad P&id
Autocad Plant 3d
Civil 3d
Configuration A
41 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Advance Steel
Version 2017
Advance Steel
Version 2018
Advance Steel
Version 2019
Advance Steel
Version 2020
Autodesk
Autocad
Version 2017
Autocad
Version 2018
Autocad
Version 2019
Autocad
Version 2020
Autodesk
Autocad Architecture
Version 2017
Autocad Architecture
Version 2018
Autocad Architecture
Version 2019
Autocad Architecture
Version 2020
Autodesk
Autocad Electrical
Version 2017
Autocad Electrical
Version 2018
Autocad Electrical
Version 2019
Autocad Electrical
Version 2020
Autodesk
Autocad Lt
Version 2017
Autocad Lt
Version 2018
Autocad Lt
Version 2019
Autocad Lt
Version 2020
Autodesk
Autocad Map 3d
Version 2017
Autocad Map 3d
Version 2018
Autocad Map 3d
Version 2019
Autocad Map 3d
Version 2020
Autodesk
Autocad Mechanical
Version 2017
Autocad Mechanical
Version 2018
Autocad Mechanical
Version 2019
Autocad Mechanical
Version 2020
Autodesk
Autocad Mep
Version 2017
Autocad Mep
Version 2018
Autocad Mep
Version 2019
Autocad Mep
Version 2020
Autocad P&id
Version 2017
Autodesk
Autocad Plant 3d
Version 2017
Autocad Plant 3d
Version 2018
Autocad Plant 3d
Version 2019
Autocad Plant 3d
Version 2020
Autodesk
Civil 3d
Version 2017
Civil 3d
Version 2018
Civil 3d
Version 2019
Civil 3d
Version 2020

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

Source: psirt@autodesk.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.