CVE-2024-9997 in AutoCADinfo

Summary

by MITRE • 10/30/2024

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 03/02/2025

The vulnerability identified as CVE-2024-9997 represents a critical memory corruption flaw within Autodesk AutoCAD's acdb25.dll component that arises during the parsing of maliciously crafted DWG files. This issue stems from inadequate input validation and memory handling mechanisms when processing structured drawing files that contain malformed or specially constructed data elements. The vulnerability exists within the AutoCAD drawing database engine responsible for interpreting and rendering DWG file formats, which are widely used in architectural, engineering, and construction industries for computer-aided design work.

The technical exploitation of this vulnerability occurs through the manipulation of DWG file structures that trigger improper memory allocation and handling within the acdb25.dll library. When AutoCAD attempts to parse these malicious files, the parsing engine fails to properly validate the file headers, object structures, or data sequences, leading to buffer overflows, heap corruption, or other memory management errors. This flaw falls under CWE-121, which encompasses classic buffer overflow conditions, and potentially CWE-122, which addresses heap-based buffer overflows. The memory corruption manifests when the application attempts to write data beyond allocated memory boundaries or access invalid memory locations, creating opportunities for arbitrary code execution.

The operational impact of this vulnerability extends beyond simple application crashes, as it provides malicious actors with potential paths to escalate privileges and gain unauthorized system access. When successfully exploited, the vulnerability can cause AutoCAD to crash unexpectedly, but more critically, it allows attackers to write sensitive data to memory locations or execute arbitrary code within the context of the current AutoCAD process. This represents a significant security risk for organizations that rely heavily on AutoCAD for design work, as attackers could potentially install backdoors, exfiltrate design data, or compromise entire design networks. The vulnerability particularly affects users who frequently open DWG files from untrusted sources, including email attachments, shared network drives, or third-party design repositories.

Organizations should implement immediate mitigations including restricting user access to potentially malicious file sources, deploying network-based intrusion detection systems to monitor for suspicious file transfers, and ensuring that AutoCAD installations are updated with the latest security patches from Autodesk. The ATT&CK framework categorizes this vulnerability under T1203, which involves exploitation of remote services, and T1059, which covers command and scripting interpreters. System administrators should consider implementing application whitelisting policies to restrict execution of AutoCAD with potentially malicious inputs, and establish regular security awareness training for users who handle design files. Additionally, network segmentation and endpoint protection solutions should be configured to monitor for suspicious AutoCAD process behaviors, such as unexpected memory allocations or file access patterns that could indicate exploitation attempts.

Responsible

Autodesk

Reservation

10/15/2024

Disclosure

10/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00207

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!