CVE-2024-3298

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.3ds.com/vulnerability/advisories
https://www.3ds.com/vulnerability/advisories

Configurations

No configuration.

History

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://www.3ds.com/vulnerability/advisories -~~	() https://www.3ds.com/vulnerability/advisories -
Summary		(es) Existen vulnerabilidades de escritura fuera de los límites y confusión de tipos en el procedimiento de lectura de archivos en eDrawings desde la versión SOLIDWORKS 2023 hasta la versión SOLIDWORKS 2024. Estas vulnerabilidades podrían permitir a un atacante ejecutar código arbitrario al abrir un DWG o DXF especialmente manipulado. NOTA: esta vulnerabilidad fue DIVIDIDA de CVE-2024-1847.

04 Apr 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-04 15:15

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3298

Mitre link : CVE-2024-3298

CVE.ORG link : CVE-2024-3298

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

{"id": "CVE-2024-3298", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-04-04T15:15:40.017", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "source": "3DS.Information-Security@3ds.com"}, {"url": "https://www.3ds.com/vulnerability/advisories", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "3DS.Information-Security@3ds.com", "description": [{"lang": "en", "value": "CWE-787"}, {"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847."}, {"lang": "es", "value": "Existen vulnerabilidades de escritura fuera de los l\u00edmites y confusi\u00f3n de tipos en el procedimiento de lectura de archivos en eDrawings desde la versi\u00f3n SOLIDWORKS 2023 hasta la versi\u00f3n SOLIDWORKS 2024. Estas vulnerabilidades podr\u00edan permitir a un atacante ejecutar c\u00f3digo arbitrario al abrir un DWG o DXF especialmente manipulado. NOTA: esta vulnerabilidad fue DIVIDIDA de CVE-2024-1847."}], "lastModified": "2024-11-21T09:29:20.760", "sourceIdentifier": "3DS.Information-Security@3ds.com"}

7.8 /10