فا

‫ AutoCAD Insecure Library and FAS File Loading Vulnerabilities

IRCAD2014023171
ID: IRCAD2014023171
Release Date: 2014-02-25
Criticality level: Highly critical
Software:

AutoCAD 2013

Description:

Two vulnerabilities have been reported in AutoCAD, which can be exploited by malicious people to compromise a user's system.

1) The application loads certain FAS (.fas) files in an insecure manner, which can be exploited to execute arbitrary VBScript code by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.

2) The application loads certain libraries (.dll) in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share.

Solution

Upgrade to version 2014.

References:
JVN (English):
JVN (Japanese):
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 12 اسفند 1392

امتیاز

امتیاز شما
تعداد امتیازها:0