CVE-2024-12191
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious DWFX files in Autodesk Navisworks. It affects all users of vulnerable Autodesk Navisworks versions who open untrusted DWFX files. The out-of-bounds write can lead to complete system compromise.
💻 Affected Systems
- Autodesk Navisworks
📦 What is this software?
Navisworks by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full privileges of the Navisworks process, potentially leading to complete system takeover, data theft, or ransomware deployment.
Likely Case
Application crash or limited code execution leading to data corruption, denial of service, or initial foothold for further attacks.
If Mitigated
No impact if proper file validation and user awareness prevent malicious files from being opened.
🎯 Exploit Status
Exploitation requires user interaction: the victim must open a malicious DWFX file. No public exploit code was available at the time of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.3
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027
Restart Required: Yes
Instructions:
1. Open Autodesk Navisworks.
2. Navigate to Help > About to check the current version.
3. If the version is below 2024.3, download and install the latest update from the Autodesk Account portal or through the application's update mechanism.
4. Restart the application after installation.
🔧 Temporary Workarounds
Disable DWFX file association
Platform: Windows
Remove the file association to prevent automatic opening of DWFX files in Navisworks.
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .dwfx > Change program > Choose another application
Implement file validation policy
Platform: All
Block or quarantine DWFX files from untrusted sources using endpoint protection.
🧯 If You Can't Patch
- Implement strict user awareness training about opening files from untrusted sources
- Deploy application whitelisting to prevent execution of malicious payloads
🔍 How to Verify
Check if Vulnerable:
Check the Navisworks version in the Help > About menu. If the version is below 2024.3, the system is vulnerable.
Check Version:
Not applicable - check through application GUI
Verify Fix Applied:
Verify version shows 2024.3 or higher in Help > About menu after update.
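Checking Help > About on every workstation does not scale. The following PowerShell script is an added example (not part of this advisory and not Autodesk's tooling) that reads the Windows Uninstall registry keys to report installed Navisworks versions against the 2024.3 release named above, and also reports whether the .dwfx file-association workaround is in place. It assumes the Navisworks Uninstall entry's DisplayName contains "Navisworks"; if the registry DisplayVersion uses an internal numbering scheme rather than the 2024.x marketing version, the script reports UNKNOWN so that Help > About remains the authority.

```powershell
# Added example: enumerate Navisworks installs from the Uninstall keys and
# compare against the patched release (2024.3) named in the advisory.
# Assumption: the Uninstall entry's DisplayName contains "Navisworks".

$PatchedVersion = [version]'2024.3'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Collect every Uninstall entry whose DisplayName mentions Navisworks.
$entries = foreach ($root in $UninstallRoots) {
    if (Test-Path -Path $root) {
        Get-ChildItem -Path $root |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -like '*Navisworks*' }
    }
}

if (-not $entries) {
    Write-Output 'No Navisworks installation found in the Uninstall keys.'
}

foreach ($e in $entries) {
    $parsed = $null
    # Keep only the leading dotted-number part of DisplayVersion (e.g. "2024.3.1").
    if ($e.DisplayVersion -match '^\d+(\.\d+)+') {
        $parsed = [version]$Matches[0]
    }

    $status = 'UNKNOWN (no parsable version; confirm in Help > About)'
    if ($parsed) {
        # A major number far below 2024 means an internal build scheme is in use,
        # so a numeric comparison against 2024.3 would be meaningless.
        if ($parsed.Major -lt 2000) { $status = 'UNKNOWN (internal version scheme; confirm in Help > About)' }
        elseif ($parsed -lt $PatchedVersion) { $status = 'VULNERABLE (below 2024.3)' }
        else { $status = 'patched (2024.3 or higher)' }
    }

    [pscustomobject]@{
        Product = $e.DisplayName
        Version = $e.DisplayVersion
        Status  = $status
    }
}

# Workaround check: is .dwfx still associated with a ProgID machine-wide?
# Per-user overrides (UserChoice under HKCU) are not inspected here.
$assoc = Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.dwfx' -ErrorAction SilentlyContinue
if ($assoc -and $assoc.'(default)') {
    Write-Output ("'.dwfx' is associated with ProgID '{0}'; the association workaround is not applied." -f $assoc.'(default)')
} else {
    Write-Output "'.dwfx' has no machine-wide file association."
}
```

Run it in an elevated PowerShell session on each workstation (or through your endpoint management tool); the object output can be exported with `Export-Csv` to build an inventory of hosts still below 2024.3.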
📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected process termination of navisworks.exe
- Security event logs showing file access to suspicious DWFX files
Network Indicators:
- Downloads of DWFX files from untrusted sources
- Unusual outbound connections from Navisworks process
SIEM Query:
source="windows" AND (event_id=1000 OR event_id=1001) AND process_name="navisworks.exe" AND (exception_code=0xc0000005 OR exception_code=0xc0000409)
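Where events have not yet been shipped to a SIEM, the same indicators can be checked locally. The following PowerShell script is an added example (not part of this advisory) that queries the Windows Application event log for the crash events the SIEM query above names: Event ID 1000 (Application Error, whose message carries "Faulting application name:" and "Exception code:") and Event ID 1001 (Windows Error Reporting, whose message lists the exception code without a 0x prefix). It uses the process name from the advisory's query, navisworks.exe, as its default; the executable name on your installs is an assumption to confirm and override via the `-ProcessNames` parameter.

```powershell
# Added example: local equivalent of the advisory's SIEM query over the
# Windows Application log. Assumption: the crashing binary is navisworks.exe
# as in the advisory's query; pass -ProcessNames to override.
param(
    [string[]]$ProcessNames = @('navisworks.exe'),
    [int]$Days = 30
)

# Exception codes from the advisory: access violation and fail-fast/stack check.
$ExceptionCodes = @('c0000005', 'c0000409')
$Since = (Get-Date).AddDays(-$Days)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = $Since
} -ErrorAction SilentlyContinue

$hits = foreach ($ev in $events) {
    $msg = $ev.Message
    if (-not $msg) { continue }

    # Event 1000 names the faulting process and exception code explicitly.
    $proc = $null
    if ($msg -match 'Faulting application name:\s*([^,]+)') { $proc = $Matches[1].Trim() }
    $code = $null
    if ($msg -match 'Exception code:\s*0x([0-9a-fA-F]+)') { $code = $Matches[1].ToLower() }

    # Event 1001 (WER) only carries the process and code inside its signature
    # fields, so fall back to matching the message text for both events.
    $procMatch = $ProcessNames | Where-Object { $msg -match [regex]::Escape($_) }
    $codeMatch = $ExceptionCodes | Where-Object { $msg -match "\b(?:0x)?$_\b" }

    if ($procMatch -and $codeMatch) {
        if (-not $proc) { $proc = @($procMatch)[0] }
        if (-not $code) { $code = @($codeMatch)[0] }
        [pscustomobject]@{
            Time      = $ev.TimeCreated
            EventId   = $ev.Id
            Process   = $proc
            Exception = "0x$code"
        }
    }
}

if ($hits) {
    $hits | Sort-Object -Property Time | Format-Table -AutoSize
    Write-Output ("{0} crash event(s) matching the advisory's indicators in the last {1} day(s)." -f @($hits).Count, $Days)
} else {
    Write-Output "No matching crash events in the last $Days day(s)."
}
```

A matching crash is a trigger for investigation, not proof of exploitation: a malformed but benign DWFX file produces the same access violation. Correlate each hit with the file the user had open at that time and where it came from, and treat a crash followed by new child processes or unusual outbound connections from the Navisworks process (the network indicators listed above) as a higher-priority finding.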