CVE-2021-27036
📋 TL;DR
This is a buffer overflow vulnerability in Autodesk software that allows arbitrary code execution when processing malicious image files. Attackers can exploit it by tricking users into opening specially crafted PCX, PICT, RCL, TIF, BMP, PSD, or TIFF files. Users of affected Autodesk products are at risk.
💻 Affected Systems
- Autodesk AutoCAD
- Autodesk Design Review
- Autodesk Navisworks
- Autodesk Advance Steel
- Autodesk Civil 3D
📦 What is this software?
Design Review by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or remote code execution on the user's workstation, allowing attackers to install malware, steal credentials, or access sensitive files.
If Mitigated
Limited impact if file processing occurs in sandboxed environments or with restricted user privileges, potentially causing only application crashes.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No publicly available proof-of-concept has been identified, but the vulnerability is well-documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2022.1.2, 2021.1.5, or 2020.1.6 depending on product version
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Restart Required: Yes
Instructions:
1. Open the Autodesk Desktop App or access Autodesk Account.
2. Check for available updates for your specific product.
3. Download and install the security update for your version (2022.1.2, 2021.1.5, or 2020.1.6).
4. Restart the application and computer if prompted.
🔧 Temporary Workarounds
Restrict file type processing
Configure applications to not automatically process or preview the vulnerable file types
User awareness training
Train users to avoid opening image files from untrusted sources
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized code
- Run affected software with least privilege accounts and in isolated environments
🔍 How to Verify
Check if Vulnerable:
Check your Autodesk product version against the vulnerable versions listed in the advisory. Open the application and check Help > About or similar menu.
Check Version:
For AutoCAD: Open AutoCAD and type 'ABOUT' in command line or check Help > About
Verify Fix Applied:
Verify the installed version is 2022.1.2, 2021.1.5, or 2020.1.6 or later, depending on your product line.
📡 Detection & Monitoring
Log Indicators:
- Application crashes when processing image files
- Unexpected process creation from Autodesk applications
- File parsing errors in application logs
Network Indicators:
- Unusual outbound connections from Autodesk applications
- File downloads followed by application crashes
SIEM Query:
Process Creation where (Image contains 'acad.exe' OR Image contains 'DesignReview.exe') AND (CommandLine contains '.pcx' OR CommandLine contains '.tif' OR CommandLine contains '.bmp')
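The same detection logic as an added example (not part of this advisory), run over constructed process-creation records so the AND/OR grouping is explicit: only an Autodesk process whose command line carries one of the listed image types is flagged. The `Key=Value|Key=Value` record format, the sample paths and the `mspaint.exe` control record are constructed; the process names and file types come from the text above.

```python
import ntpath
import re
from dataclasses import dataclass

# Process images from the SIEM query above; file types from the TL;DR.
AUTODESK_IMAGES = {"acad.exe", "designreview.exe"}
RISKY_EXTENSIONS = {".pcx", ".pict", ".rcl", ".tif", ".tiff", ".bmp", ".psd"}

@dataclass(frozen=True)
class Finding:
    image: str  # process basename, lower-cased
    path: str   # the image-file argument that triggered the match

def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' process-creation record."""
    return dict(part.split("=", 1) for part in line.split("|"))

def split_arguments(command_line: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', command_line)]

def risky_file_arguments(event: dict) -> list[Finding]:
    """Flag an Autodesk process launched with a risky image file as an argument.

    Both conditions must hold; an unparenthesised 'A AND B OR C' would fire on
    any process whose command line mentions .tif, including image viewers."""
    exe = ntpath.basename(event.get("Image", "")).lower()
    if exe not in AUTODESK_IMAGES:
        return []
    args = split_arguments(event.get("CommandLine", ""))[1:]  # drop argv[0]
    return [Finding(exe, a) for a in args
            if ntpath.splitext(a)[1].lower() in RISKY_EXTENSIONS]

def scan(lines: list[str]) -> list[Finding]:
    """Run the detection over a batch of records and return every finding."""
    return [f for line in lines for f in risky_file_arguments(parse_event(line))]

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    r'Image=C:\Program Files\Autodesk\AutoCAD 2021\acad.exe|CommandLine="C:\Program Files\Autodesk\AutoCAD 2021\acad.exe" "C:\Users\bob\Downloads\Invoice.PCX"',
    r'Image=C:\Program Files\Autodesk\AutoCAD 2021\acad.exe|CommandLine="C:\Program Files\Autodesk\AutoCAD 2021\acad.exe" "C:\Projects\site.dwg"',
    r'Image=C:\Windows\System32\mspaint.exe|CommandLine=mspaint.exe C:\Users\bob\photo.tif',
    r'Image=C:\Program Files\Autodesk\Design Review 2013\DesignReview.exe|CommandLine=DesignReview.exe C:\Users\bob\Downloads\plan.tiff',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.image} opened {f.path}")
```

The third record is the control case: a non-Autodesk viewer opening a .tif produces no finding, which is exactly what the ungrouped query would get wrong.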