Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.
Max CVSS
10.0
EPSS Score
0.83%
Published
2014-07-07
Updated
2014-07-07
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
Max CVSS
9.8
EPSS Score
0.94%
Published
2017-01-25
Updated
2017-01-28
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
Max CVSS
9.8
EPSS Score
0.24%
Published
2017-01-25
Updated
2017-01-28
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-01-25
Updated
2017-01-28
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-01-25
Updated
2017-01-28
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.27%
Published
2022-10-03
Updated
2022-10-05
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-11-23
Updated
2023-11-30
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-11-23
Updated
2023-11-30
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-11-23
Updated
2023-11-30
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Max CVSS
9.8
EPSS Score
0.20%
Published
2023-11-23
Updated
2023-11-30
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
Max CVSS
9.3
EPSS Score
1.77%
Published
2008-10-07
Updated
2018-10-11
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
Max CVSS
9.3
EPSS Score
2.34%
Published
2008-10-07
Updated
2018-10-11
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
Max CVSS
9.3
EPSS Score
1.49%
Published
2009-11-24
Updated
2018-10-10
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
Max CVSS
9.3
EPSS Score
3.89%
Published
2009-11-24
Updated
2018-10-10
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Max CVSS
9.3
EPSS Score
3.21%
Published
2009-11-24
Updated
2018-10-10
Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.
Max CVSS
9.3
EPSS Score
5.80%
Published
2014-04-02
Updated
2014-04-05
Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
1.90%
Published
2014-07-23
Updated
2014-07-23
Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.
Max CVSS
9.3
EPSS Score
2.77%
Published
2014-07-23
Updated
2014-07-23
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
Max CVSS
9.3
EPSS Score
0.09%
Published
2019-12-03
Updated
2019-12-10
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
Max CVSS
9.3
EPSS Score
0.11%
Published
2020-04-17
Updated
2020-04-21
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
Max CVSS
9.3
EPSS Score
0.20%
Published
2020-04-17
Updated
2022-05-03
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
Max CVSS
9.3
EPSS Score
0.31%
Published
2020-04-17
Updated
2020-04-23
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
Max CVSS
9.3
EPSS Score
0.09%
Published
2020-04-17
Updated
2020-04-21
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
Max CVSS
9.3
EPSS Score
94.09%
Published
2021-04-19
Updated
2021-09-16
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
Max CVSS
9.3
EPSS Score
0.09%
Published
2021-04-19
Updated
2021-09-16
191 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!