CVE-2024-12193

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious DWFX files in Autodesk Navisworks. It affects all users of vulnerable Autodesk Navisworks versions who open untrusted DWFX files. The vulnerability stems from improper bounds checking when parsing DWFX files.

💻 Affected Systems

Products:
  • Autodesk Navisworks
Versions: 2024 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process DWFX files are vulnerable by default.

📦 What is this software?

Autodesk Navisworks is a 3D design review and project coordination application used in architecture, engineering and construction to combine models from multiple authoring tools for clash detection and review. DWFX is Autodesk's Design Web Format packaged in an XPS-based (OPC/ZIP) container; Navisworks can open and publish DWFX files for sharing models, which is the parsing path this vulnerability concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the current user, potentially leading to full system compromise.

🟠 Likely Case: Application crash or denial of service when malicious files are opened, with potential for limited code execution.

🟢 If Mitigated: No impact if patched versions are used or if users avoid opening untrusted DWFX files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared network drives containing malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3 and later updates

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027

Restart Required: Yes

Instructions:

1. Open Autodesk Navisworks.
2. Navigate to Help > About.
3. Check the version.
4. If below 2024.3, download and install the latest update from Autodesk Account or the Autodesk Desktop App.
5. Restart the application.

🔧 Temporary Workarounds

Block DWFX file extensions (Windows)

Prevent Navisworks from opening DWFX files by blocking the file association.

reg add "HKCU\Software\Classes\.dwfx" /v "Content Type" /t REG_SZ /d "application/octet-stream" /f
reg add "HKCU\Software\Classes\.dwfx" /v "PerceivedType" /t REG_SZ /d "unknown" /f

Note that these values are written under HKCU, so they apply only to the profile of the user running them and must be repeated (or deployed via policy) for every user of the machine. They relabel the extension's content type rather than removing the ProgID Windows uses to launch the handler, so confirm in your environment that double-clicking a DWFX file no longer opens Navisworks before relying on this workaround.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized files.
  • Educate users to never open DWFX files from untrusted sources.

🔍 How to Verify

Check if Vulnerable:

Check Navisworks version via Help > About. If version is earlier than 2024.3, the system is vulnerable.

Check Version:

Get-ItemProperty "HKLM:\SOFTWARE\Autodesk\Navisworks\*\*" | Select-Object -Property DisplayName, DisplayVersion

Verify Fix Applied:

Verify version is 2024.3 or later and attempt to open a known safe DWFX file to confirm functionality.
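The version check above can be scripted across a fleet. The following PowerShell is an added example, not part of the advisory: it reads the standard Uninstall registry keys (64-bit and WOW6432Node), filters for Navisworks entries and flags anything below the patched release. It assumes DisplayVersion uses the same year-based numbering as Help > About (2024.3); if your installation reports an internal build number instead, set $fixedVersion to the build that corresponds to the 2024.3 update and treat "REVIEW MANUALLY" rows as unresolved rather than patched.

```powershell
# Added example (not from the advisory): flag Navisworks installs below the
# patched release using the standard Windows Uninstall registry keys.
# Assumption: DisplayVersion is comparable to the "2024.3" shown in Help > About.
$fixedVersion = [version]'2024.3'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every product whose display name mentions Navisworks.
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Navisworks*' }

if (-not $installs) {
    Write-Output 'No Navisworks installation found in the Uninstall keys.'
    return
}

foreach ($app in $installs) {
    $parsed = $null
    # Unparsable version strings are surfaced for manual review, never assumed patched.
    $status = if ([version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)) {
        if ($parsed -lt $fixedVersion) { 'VULNERABLE (below 2024.3)' } else { 'patched' }
    } else {
        'REVIEW MANUALLY (version string not parseable)'
    }
    [pscustomobject]@{
        Product = $app.DisplayName
        Version = $app.DisplayVersion
        Status  = $status
    }
}
```

Run it in an elevated or standard PowerShell session on each host (reading HKLM Uninstall keys does not require administrator rights); the output is a table of product, version and status that can be exported with Export-Csv for inventory reconciliation.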

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from Navisworks.exe
  • Windows Event Logs showing application faults (Event ID 1000)

Network Indicators:

  • Unusual outbound connections from Navisworks process
  • Downloads of DWFX files from untrusted sources

SIEM Query:

source="Windows Event Logs" AND ((EventID=1000 AND ProcessName="Navisworks.exe") OR (ProcessName="Navisworks.exe" AND CommandLine CONTAINS ".dwfx"))
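For hosts that are not forwarding to a SIEM, the crash-log indicator above can be checked locally. The following PowerShell is an added example, not part of the advisory: it queries the Application log for Application Error events (Event ID 1000) whose faulting application is the Navisworks process and summarises the faulting module and exception code. The process name defaults to Navisworks.exe as given on this page; confirm the executable name against your installation and adjust $processName if it differs. The property indices follow the standard Application Error event template (0 = faulting application, 3 = faulting module, 6 = exception code, 10 = application path).

```powershell
# Added example (not from the advisory): list recent Event ID 1000 crashes for
# the Navisworks process from the local Application log.
# Assumption: the executable name matches the page's "Navisworks.exe".
param(
    [string]$processName  = 'Navisworks.exe',
    [int]$lookbackHours   = 24
)

# Safely read an indexed property; older events may carry fewer properties.
function Get-EventProp([System.Diagnostics.Eventing.Reader.EventRecord]$e, [int]$i) {
    if ($i -lt $e.Properties.Count) { $e.Properties[$i].Value } else { $null }
}

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddHours(-$lookbackHours)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventProp $_ 0) -ieq $processName }

if (-not $events) {
    Write-Output "No Event ID 1000 crashes for $processName in the last $lookbackHours hours."
    return
}

$events | ForEach-Object {
    [pscustomobject]@{
        Time           = $_.TimeCreated
        FaultingApp    = Get-EventProp $_ 0
        FaultingModule = Get-EventProp $_ 3
        ExceptionCode  = Get-EventProp $_ 6
        AppPath        = Get-EventProp $_ 10
    }
} | Sort-Object Time -Descending | Format-Table -AutoSize
```

Repeated access-violation exception codes (0xc0000005) in the same faulting module shortly after a user opened a DWFX file are the pattern worth triaging, since a crash in the parser is the "likely case" outcome described above; correlate the timestamps with file-open activity and the file's origin before treating the event as benign.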
