CVE-2019-7361

HIGH

Autodesk - Code Injection

Title source: llm

Description

An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.

References (1)

[Vendor Advisory] https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001

Scores

CVSS v3 7.8

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (11)

autodesk/advance_steel

autodesk/autocad

autodesk/autocad_architecture

autodesk/autocad_electrical

autodesk/autocad_lt

autodesk/autocad_map_3d

autodesk/autocad_mechanical

autodesk/autocad_mep

autodesk/autocad_p\&id

autodesk/autocad_plant_3d

autodesk/civil_3d

Timeline

Published Apr 09, 2019

Tracked Since Feb 18, 2026