CVE-2024-23136
HIGHAutodesk AutoCAD and Related Products 2021-<2021.1.4 - Untrusted Pointer Dereference in ASMKERN228A.dll
Title source: llmDescription
A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
References (2)
Core 2
Core References
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
34.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-822
Status
published
Products (9)
autodesk/advance_steel
2021 - 2021.1.4
autodesk/autocad
2021 - 2021.1.4
autodesk/autocad_architecture
2021 - 2021.1.4
autodesk/autocad_electrical
2021 - 2021.1.4
autodesk/autocad_map_3d
2021 - 2021.1.4
autodesk/autocad_mechanical
2021 - 2021.1.4
autodesk/autocad_mep
2021 - 2021.1.4
autodesk/autocad_plant_3d
2021 - 2021.1.4
autodesk/civil_3d
2021 - 2021.1.4
Published
Feb 22, 2024
Tracked Since
Feb 18, 2026