Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-7364

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Published

2019-08-23T20:15:10.690

Last Modified

2024-11-21T04:48:06.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	autodesk	advance_steel	2017	Yes
Application	autodesk	advance_steel	2018	Yes
Application	autodesk	advance_steel	2019	Yes
Application	autodesk	advance_steel	2020	Yes
Application	autodesk	autocad	2017	Yes
Application	autodesk	autocad	2018	Yes
Application	autodesk	autocad	2019	Yes
Application	autodesk	autocad	2020	Yes
Application	autodesk	autocad_architecture	2017	Yes
Application	autodesk	autocad_architecture	2018	Yes
Application	autodesk	autocad_architecture	2019	Yes
Application	autodesk	autocad_architecture	2020	Yes
Application	autodesk	autocad_electrical	2017	Yes
Application	autodesk	autocad_electrical	2018	Yes
Application	autodesk	autocad_electrical	2019	Yes
Application	autodesk	autocad_electrical	2020	Yes
Application	autodesk	autocad_lt	2017	Yes
Application	autodesk	autocad_lt	2018	Yes
Application	autodesk	autocad_lt	2019	Yes
Application	autodesk	autocad_lt	2020	Yes
Application	autodesk	autocad_map_3d	2017	Yes
Application	autodesk	autocad_map_3d	2018	Yes
Application	autodesk	autocad_map_3d	2019	Yes
Application	autodesk	autocad_map_3d	2020	Yes
Application	autodesk	autocad_mechanical	2017	Yes
Application	autodesk	autocad_mechanical	2018	Yes
Application	autodesk	autocad_mechanical	2019	Yes
Application	autodesk	autocad_mechanical	2020	Yes
Application	autodesk	autocad_mep	2017	Yes
Application	autodesk	autocad_mep	2018	Yes
Application	autodesk	autocad_mep	2019	Yes
Application	autodesk	autocad_mep	2020	Yes
Application	autodesk	autocad_p\&id	2017	Yes
Application	autodesk	autocad_plant_3d	2017	Yes
Application	autodesk	autocad_plant_3d	2018	Yes
Application	autodesk	autocad_plant_3d	2019	Yes
Application	autodesk	autocad_plant_3d	2020	Yes
Application	autodesk	civil_3d	2017	Yes
Application	autodesk	civil_3d	2018	Yes
Application	autodesk	civil_3d	2019	Yes
Application	autodesk	civil_3d	2020	Yes

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 Patch, Vendor Advisory ([email protected])
https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)