CVE-2023-25004
📋 TL;DR
This vulnerability in Autodesk products allows attackers to execute arbitrary code by exploiting an integer overflow in pskernel.dll. Users running affected Autodesk software are at risk of complete system compromise if they open malicious files.
💻 Affected Systems
- Autodesk products using pskernel.dll
📦 What is this software?
Alias by Autodesk
AutoCAD by Autodesk
AutoCAD LT by Autodesk
AutoCAD MEP by Autodesk
InfraWorks by Autodesk
Inventor by Autodesk
Maya USD by Autodesk
Navisworks by Autodesk
Revit by Autodesk
VRED by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or remote code execution when users open specially crafted files, leading to malware installation or data exfiltration.
If Mitigated
Limited impact with proper application sandboxing and file execution restrictions, potentially only crashing the application.
🎯 Exploit Status
Exploitation requires user interaction to open malicious files. No public exploit code available at time of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: April 2023 security updates
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009
Restart Required: Yes
Instructions:
1. Open affected Autodesk product.
2. Navigate to Help > Check for Updates.
3. Install April 2023 security updates.
4. Restart the application and system as prompted.
🔧 Temporary Workarounds
Restrict DLL loading
Windows: Apply DLL loading restrictions to prevent malicious pskernel.dll files from being loaded
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<autodesk_exe>" /v "MitigationOptions" /t REG_DWORD /d 0x2 /f
Application control policies
Windows: Implement application whitelisting to prevent unauthorized DLL execution
🧯 If You Can't Patch
- Implement strict file execution policies to prevent opening untrusted files
- Use application sandboxing or virtualization for Autodesk products
🔍 How to Verify
Check if Vulnerable:
Check pskernel.dll version in Autodesk installation directory. Vulnerable versions are prior to April 2023 updates.
Check Version:
powershell "Get-Item 'C:\Program Files\Autodesk\*\pskernel.dll' | Select-Object -ExpandProperty VersionInfo | Select-Object FileName, FileVersion, ProductVersion"
Verify Fix Applied:
Verify pskernel.dll file version has been updated to April 2023 or later version in Autodesk installation directory.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Autodesk products
- Unusual DLL loading events
- Process creation from Autodesk executables
Network Indicators:
- Outbound connections from Autodesk processes to unknown IPs
- DNS requests for suspicious domains from Autodesk processes
SIEM Query:
source="windows" AND (process_name="*autodesk*" OR process_name="*acad*") AND (event_id=1000 OR event_id=1001) AND message="*exception*"
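The version check and the crash indicator above can be combined in one pass. This is an added example, not code from the original page or from Autodesk: it inventories every copy of pskernel.dll under an install root and lists Application Error (event ID 1000) records that name pskernel.dll as the faulting module. The install root, the look-back window and the English-language event text are assumptions.

```powershell
# Added example (not vendor code). Assumed: default install root, 30-day window,
# English-locale Application Error messages.
param(
    [string]$InstallRoot = 'C:\Program Files\Autodesk',  # assumed default install root
    [int]$DaysBack = 30                                  # assumed look-back window
)

# 1. Inventory every copy of pskernel.dll; each installed product may ship its own.
#    Compare the reported versions against the vendor advisory for the April 2023 updates.
$dlls = Get-ChildItem -Path $InstallRoot -Filter 'pskernel.dll' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path           = $_.FullName
            FileVersion    = $_.VersionInfo.FileVersion
            ProductVersion = $_.VersionInfo.ProductVersion
            LastWriteTime  = $_.LastWriteTime
        }
    }

# 2. Collect Application Error events (ID 1000) whose faulting module is pskernel.dll.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$DaysBack)
}
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Faulting module name:\s*pskernel\.dll' } |
    ForEach-Object {
        # Extract the crashing executable so events can be tied to a product.
        $app = if ($_.Message -match 'Faulting application name:\s*([^,\r\n]+)') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Application = $app
        }
    }

# 3. Report: installed copies first, then crashes attributed to the module.
$dlls    | Sort-Object Path        | Format-Table -AutoSize
$crashes | Sort-Object TimeCreated | Format-Table -AutoSize
```

A crash in pskernel.dll on a host that still has a pre-April 2023 copy is worth triaging together with the file the user had just opened.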