Threat Research

FortiGuard Labs Researcher Discovers Multiple Vulnerabilities in Multiple Autodesk Products

By Kushal Arvind Shah | October 20, 2022

Late May 2022, I discovered and reported multiple zero-day vulnerabilities in Autodesk Design Review, Autodesk Subassembly Composer, Autodesk Moldflow Communicator, and Autodesk Dwg2Spd. Recently, Autodesk released several security patchessecurity patchessecurity patchessecurity patches & security patches which fixed them. These vulnerabilities are identified as CVE-2022-33883, CVE-2022-27525, CVE-2022-41306, CVE-2022-42934, CVE-2022-42935, CVE-2022-42936, CVE-2022-42937, CVE-2022-42933, CVE-2022-42943, CVE-2022-41310, CVE-2022-42040, CVE-2022-42939, CVE-2022-42942, CVE-2022-42941, CVE-2022-42938, CVE-2022-41309, CVE-2022-42944, CVE-2022-33890, CVE-2022-27526, CVE-2022-33888, CVE-2022-41301, CVE-2022-41305, CVE-2022-41307, and CVE-2022-41308. All of these vulnerabilities have different root causes pertaining to the decoding of several file formats by the vulnerable Autodesk product. Due to the severity of these vulnerabilities, we suggest users apply the Autodesk patches as soon as possible.

Affected platforms: Windows
Impacted parties: 

Users of Autodesk AutoCAD versions 2023.1.0 and earlier
Users of Autodesk AutoCAD versions 2022.1.2 and earlier
Users of Autodesk AutoCAD versions 2021.1.2 and earlier
Users of Autodesk AutoCAD versions 2020.1.5 and earlier
Users of Autodesk Subassembly Composer 2023 versions 2023.0 and earlier
Users of Autodesk Subassembly Composer 2022 versions 2022.2.0 and earlier
Users of Autodesk Subassembly Composer 2021 versions 2021.3.1 and earlier
Users of Autodesk Subassembly Composer 2020 versions 2020.6.2 and earlier
Users of Autodesk Design Review versions 2018 Hotfix 5 and earlier
Users of Autodesk Moldflow Communicator versions 2022 and earlier
Users of Autodesk Design Review versions 2018 Hotfix 7 and earlier

Impact: Multiple vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.
Severity level: High

Following are some details on these vulnerabilities. More information can be found on the related FortiGuard Labs Zero-Day Advisory pages by clicking on the CVE links below:

CVE-2022-33883:

This is a Remote Code Execution vulnerability that exists in the decoding of Moldflow Result Data ‘MFR’ files in Autodesk Moldflow Communicator. Specifically, the vulnerability is caused by a malformed MFR file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted MFR file.

Fortinet released IPS signature Autodesk.Moldflow.Communicator.CVE-2022-33883.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-27525:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-27525.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2021-41306:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-41306.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42934:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42934.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42935:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42935.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42936:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42936.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42937:

This is a Remote Code Execution vulnerability that exists in the decoding of Design Web Format ‘DWF’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42937.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42933:

This is a Remote Code Execution vulnerability that exists in the decoding of Design Web Format ‘DWF’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42933.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42943:

This is a Remote Code Execution vulnerability that exists in the decoding of Design Web Format ‘DWF’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42943.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-41310:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-41310.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42940:

This is an out-of-bounds read vulnerability that exists in the decoding of Truevision Targa ‘TGA’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed TGA file, which causes an Out of Bounds read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted TGA file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42940.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-42939:

This is an out-of-bounds read vulnerability that exists in the decoding of Truevision Targa ‘TGA’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed TGA file, which causes an Out of Bounds read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted TGA file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42939.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-42942:

This is a Remote Code Execution vulnerability that exists in the decoding of Design Web Format ‘DWF’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42942.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42941:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42941.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42938:

This is an out-of-bounds read vulnerability that exists in the decoding of Truevision Targa ‘TGA’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed TGA file, which causes an Out of Bounds Read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted TGA file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42938.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-41309:

This is a Remote Code Execution vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-41309.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-42944:

This is an out-of-bounds read vulnerability that exists in the decoding of Macintosh Pict ‘PCT’  files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-42944.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-33890:

This is a Memory Corruption vulnerability that exists in the decoding of Macintosh Pict ‘PCT’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed PCT file, which causes Memory Corruption due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-33890.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-27526:

This is an out-of-bounds read vulnerability that exists in the decoding of Truevision Targa‘TGA’ files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed TGA file, which causes an Out of Bounds read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted TGA file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-27526.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-33888:

This is an out-of-bounds read vulnerability that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Autodesk Dwg2Spd. Specifically, the vulnerability is caused by a malformed DWG file, which causes an Out of Bounds read memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted DWG file.

Fortinet released IPS signature Autodesk.Dwg2Spd.CVE-2022-33888.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-41301:

This is a Remote Code Execution vulnerability that exists in the decoding of ‘PKT’ files in Autodesk Subassembly Composer. Specifically, the vulnerability is caused by a malformed PKT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PKT file.

Fortinet released IPS signature Autodesk.Subassembly.Composer.CVE-2022-41301.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-41305:

This is a Remote Code Execution vulnerability that exists in the decoding of ‘PKT’ files in Autodesk SubAssembly Composer. Specifically, the vulnerability is caused by a malformed PKT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PKT file.

Fortinet released IPS signature Autodesk.Subassembly.Composer.CVE-2022-41305.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-41307:

This is a Remote Code Execution vulnerability that exists in the decoding of ‘PKT’ files in Autodesk Subassembly Composer. Specifically, the vulnerability is caused by a malformed PKT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PKT file.

Fortinet released IPS signature Autodesk.Subassembly.Composer.CVE-2022-41307.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-41308:

This is a Remote Code Execution vulnerability that exists in the decoding of ‘PKT’ files in Autodesk Subassembly Composer. Specifically, the vulnerability is caused by a malformed PKT file, which causes an Out of Bounds memory write due to an improper bounds check. 

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PKT file.

Fortinet released IPS signature Autodesk.Subassembly.Composer.CVE-2022-41308.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.

Fortinet Protections

Fortinet IPS customers are protected with the signatures outlined above in this blog, which were previously released for these vulnerabilities.

In addition, FortiEDR detects and prevents the exploitation of these vulnerabilities.

Learn more about Fortinet’s FortiGuard Labs threat research and global intelligence organization and Fortinet’s FortiGuard AI-powered Security Services portfolioSign up to receive our threat research blogs.