A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
2025-12-16T00:16:00.430
2025-12-19T14:40:39.697
Analyzed
CVSSv3.1: 7.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | autodesk | shared_components | < 2026.5 | Yes |
| Application | autodesk | 3ds_max | 2026 | No |
| Application | autodesk | advance_steel | 2026 | No |
| Application | autodesk | autocad | 2026 | No |
| Application | autodesk | autocad_architecture | 2026 | No |
| Application | autodesk | autocad_electrical | 2026 | No |
| Application | autodesk | autocad_map_3d | 2026 | No |
| Application | autodesk | autocad_mechanical | 2026 | No |
| Application | autodesk | autocad_mep | 2026 | No |
| Application | autodesk | autocad_plant_3d | 2026 | No |
| Application | autodesk | civil_3d | 2026 | No |
| Application | autodesk | infraworks | 2026 | No |
| Application | autodesk | inventor | 2026 | No |
| Application | autodesk | revit | 2026 | No |
| Application | autodesk | revit_lt | 2026 | No |
| Application | autodesk | vault | 2026 | No |