CVE-2019-7364
HIGHAutodesk Advance Steel 2017-2020 - Uncontrolled Search Path Element via DWG File
Title source: llmDescription
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002
Scores
CVSS v3
7.8
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (41)
autodesk/advance_steel
2017
autodesk/advance_steel
2018
autodesk/advance_steel
2019
autodesk/advance_steel
2020
autodesk/autocad
2017
autodesk/autocad
2018
autodesk/autocad
2019
autodesk/autocad
2020
autodesk/autocad_architecture
2017
autodesk/autocad_architecture
2018
... and 31 more
Published
Aug 23, 2019
Tracked Since
Feb 18, 2026