CVE-2024-7672 in Navisworks Freedom
Summary
by MITRE • 10/01/2024
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/09/2025
The vulnerability identified as CVE-2024-7672 represents a critical security flaw within Autodesk Navisworks software that specifically affects the dwfcore.dll component responsible for parsing DWF (Design Web Format) files. This issue manifests as an out-of-bounds write condition that occurs during the processing of maliciously crafted DWF files, creating a significant attack surface for potential exploitation. The vulnerability resides in the file parsing logic where insufficient input validation and boundary checking mechanisms fail to properly handle malformed DWF content, allowing attackers to manipulate memory structures through crafted file inputs. The flaw demonstrates characteristics consistent with CWE-787 Out-of-bounds Write, which is classified under the broader category of memory safety issues that can lead to arbitrary code execution and system compromise.
The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it provides malicious actors with the capability to execute arbitrary code within the context of the currently running process. When a user opens a specially crafted DWF file within Autodesk Navisworks, the dwfcore.dll component attempts to parse the file structure and encounters the malformed data that triggers the out-of-bounds write condition. This condition can result in memory corruption that allows attackers to overwrite critical memory locations, potentially leading to privilege escalation or complete system compromise. The vulnerability's exploitation potential is heightened by the fact that DWF files are commonly used in architectural, engineering, and construction environments where users frequently open external files from colleagues, clients, or third-party sources, creating numerous potential attack vectors. According to ATT&CK framework, this vulnerability aligns with T1203 Exploitation for Client Execution and T1059 Command and Scripting Interpreter techniques, as it enables attackers to execute malicious code through legitimate software applications.
Organizations utilizing Autodesk Navisworks software face substantial risk from this vulnerability, particularly in environments where users have elevated privileges or where the software operates in networked environments. The out-of-bounds write condition can be leveraged by attackers to perform code injection attacks, potentially leading to persistent backdoors or lateral movement within the network. Security professionals must understand that this vulnerability represents a privilege escalation vector that could allow attackers with minimal access to gain full system control, especially when the software runs with administrative privileges. The vulnerability's exploitation requires only that a user open a malicious DWF file, making it particularly dangerous in targeted attack scenarios where social engineering or supply chain compromises could deliver the malicious payloads. Mitigation strategies should include immediate patch application from Autodesk, network segmentation to limit access to Navisworks installations, and user education regarding the dangers of opening untrusted DWF files. Additionally, implementing application whitelisting policies and monitoring for suspicious file access patterns can provide additional layers of protection against exploitation attempts. The vulnerability underscores the importance of maintaining current security patches and demonstrates the critical need for robust input validation in all file parsing components, particularly in widely used engineering and design software that processes external data formats.