CVE-2024-8587 in AutoCAD
Summary
by MITRE • 10/30/2024
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 03/01/2025
The vulnerability identified as CVE-2024-8587 represents a critical heap-based buffer overflow flaw within Autodesk AutoCAD's odxsw_dll.dll component when processing specially crafted SLDPRT files. This issue stems from inadequate input validation and memory management practices within the software's handling of drawing files that utilize the SLDPRT format, which is commonly used for storing solid geometry data in Autodesk's CAD applications. The vulnerability manifests when the odxsw_dll.dll library attempts to parse and process malformed SLDPRT file structures without proper bounds checking, creating opportunities for attackers to exploit memory corruption patterns that can lead to arbitrary code execution.
The technical exploitation of this vulnerability occurs through the manipulation of SLDPRT file structures that contain oversized or malformed data fields within the file's metadata or geometry definitions. When AutoCAD attempts to load such malicious files, the odxsw_dll.dll module fails to properly validate the size of data buffers before copying or processing file contents, resulting in memory corruption that overflows adjacent heap memory regions. This heap-based buffer overflow creates opportunities for attackers to overwrite critical memory locations including return addresses, function pointers, or other control data structures that govern program execution flow. The vulnerability is particularly dangerous because it operates within the context of the currently running AutoCAD process, potentially allowing for privilege escalation or complete system compromise depending on the user's access level.
The operational impact of CVE-2024-8587 extends beyond simple application instability, as it provides malicious actors with a pathway for remote code execution capabilities that could be leveraged in targeted attacks against CAD environments. Organizations utilizing Autodesk AutoCAD in professional design, engineering, or manufacturing workflows face significant risk exposure since these applications often run with elevated privileges and may be connected to critical infrastructure systems. The vulnerability can be exploited through social engineering tactics where users are tricked into opening malicious SLDPRT files, potentially delivered through email attachments, compromised websites, or malicious file sharing platforms. Once exploited, the attacker could gain full control over the affected AutoCAD process, potentially leading to data exfiltration, system persistence mechanisms, or further lateral movement within network environments where CAD applications are deployed.
Security mitigations for CVE-2024-8587 should prioritize immediate patching of affected Autodesk AutoCAD versions through official vendor updates that address the buffer overflow conditions in odxsw_dll.dll. Organizations should implement network-based protections including email filtering systems that scan for potentially malicious SLDPRT files and network monitoring solutions that detect unusual file processing patterns within CAD environments. Additionally, system administrators should consider implementing application whitelisting policies that restrict execution of AutoCAD components outside of controlled environments, while also establishing robust backup and recovery procedures to protect against potential data loss from successful exploitation attempts. The vulnerability aligns with CWE-121, heap-based buffer overflow, and represents a technique that could be categorized under ATT&CK tactic T1059 for execution and T1070 for indicator removal, highlighting the multi-faceted nature of the threat landscape surrounding CAD application security.