Vulnerability Description
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. To exploit this, the attacker would need the victim to enable full page heap in the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Advance Steel | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD Architecture | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD Electrical | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD LT | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD Map 3D | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD Mechanical | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD MEP | >= 2019, < 2019.1.3 |
| Autodesk | AutoCAD Plant 3D | >= 2019, < 2019.1.3 |
| Autodesk | Civil 3D | >= 2019, < 2019.1.3 |
| Autodesk | DWG TrueView | >= 2022, < 2022.1.1 |
Related Weaknesses (CWE)
References
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007 (Vendor Advisory)
FAQ
What is CVE-2021-27043?
CVE-2021-27043 is a vulnerability with a CVSS score of 7.8 (HIGH). An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need t...
How severe is CVE-2021-27043?
CVE-2021-27043 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27043?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Advance Steel, Autodesk AutoCAD, Autodesk AutoCAD Architecture, Autodesk AutoCAD Electrical, Autodesk AutoCAD LT.