CVE-2024-12669
📋 TL;DR
A heap-based buffer overflow vulnerability in Autodesk Navisworks allows attackers to craft malicious DWFX files that can crash the application, leak sensitive data, or execute arbitrary code when opened. This affects all users of vulnerable Navisworks versions who open untrusted DWFX files. The vulnerability requires user interaction to open a malicious file.
💻 Affected Systems
- Autodesk Navisworks
📦 What is this software?
Navisworks by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or lateral movement within the network.
Likely Case
Application crash (denial of service) or limited information disclosure from memory contents when users open malicious DWFX files from untrusted sources.
If Mitigated
No impact if users only open trusted DWFX files and proper security controls are implemented.
🎯 Exploit Status
Exploitation requires crafting a malicious DWFX file and convincing a user to open it. No authentication bypass is needed, but user interaction is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Navisworks 2024.3 and later
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027
Restart Required: Yes
Instructions:
1. Download and install Navisworks 2024.3 or later from Autodesk's official website.
2. Close all Navisworks instances before installation.
3. Follow the installation wizard.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block DWFX file extensions
Windows: Prevent Navisworks from opening DWFX files by blocking the file association or using application control policies.
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.dwfx, Security Level: Disallowed
Use file screening
Windows: Implement file screening to block DWFX files from being saved or opened on network shares.
Using Windows Server File Server Resource Manager: File Screening Management > Create File Screen: Screen Path: [network share path], File Groups: Add 'DWFX Files' group with *.dwfx
🧯 If You Can't Patch
- Implement application whitelisting to only allow execution of trusted Navisworks instances
- Educate users to never open DWFX files from untrusted sources and implement email filtering for suspicious attachments
🔍 How to Verify
Check if Vulnerable:
Check the Navisworks version: Open Navisworks > Help > About Autodesk Navisworks. If the version is earlier than 2024.3, the system is vulnerable.
Check Version:
In Navisworks: Help > About Autodesk Navisworks, or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\Navisworks\[version]
Verify Fix Applied:
Verify Navisworks version is 2024.3 or later using the About dialog. Test opening known-good DWFX files to ensure functionality is preserved.
📡 Detection & Monitoring
Log Indicators:
- Application crash logs from Navisworks (Event ID 1000 in Windows Event Viewer)
- Unexpected process termination of Navisworks.exe
- Memory access violation errors in application logs
Network Indicators:
- Downloads of DWFX files from untrusted sources
- Email attachments with .dwfx extension being opened
SIEM Query:
(EventID=1000 AND SourceName="Application Error" AND ProcessName="Navisworks.exe") OR (FileExtension=".dwfx" AND Action="FileOpen" AND ProcessName="Navisworks.exe")
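The correlation the query above expresses, a Navisworks crash shortly after Navisworks opened a .dwfx file, written out as detection logic over constructed sample records (an added example, not part of this advisory). The record shapes, the field names, the use of a Security-log object-access audit (Event ID 4663) for the file open, and the five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not real logs), simplified: an object-access
# audit (Event ID 4663) for the file open and an "Application Error" crash
# record (Event ID 1000) with the usual "Faulting application name" message.
EVENTS = [
    {"time": "2024-06-03T10:14:02", "event_id": 4663,
     "process": r"C:\Program Files\Autodesk\Navisworks Manage 2024\Navisworks.exe",
     "object": r"C:\Users\alice\Downloads\site-plan.dwfx"},
    {"time": "2024-06-03T10:14:09", "event_id": 1000, "source": "Application Error",
     "message": ("Faulting application name: Navisworks.exe, version: 21.3.0.0, "
                 "Faulting module name: ntdll.dll, Exception code: 0xc0000005")},
    {"time": "2024-06-03T11:30:00", "event_id": 1000, "source": "Application Error",
     "message": ("Faulting application name: notepad.exe, version: 10.0.1, "
                 "Exception code: 0xc0000409")},
]
APP_RE = re.compile(r"Faulting application name:\s*([^,]+)")
EXC_RE = re.compile(r"Exception code:\s*(0x[0-9a-fA-F]+)")

def parse_crash(message):
    """Return (faulting exe, exception code) from an Event 1000 message, or None."""
    app, exc = APP_RE.search(message), EXC_RE.search(message)
    if not app:
        return None
    return app.group(1).strip(), (exc.group(1).lower() if exc else None)

def navisworks_crashes(events):
    """Event 1000 records whose faulting application is Navisworks.exe."""
    out = []
    for ev in events:
        if ev.get("event_id") != 1000 or ev.get("source") != "Application Error":
            continue
        parsed = parse_crash(ev["message"])
        if parsed and parsed[0].lower() == "navisworks.exe":
            out.append({"time": ev["time"], "exception": parsed[1]})
    return out

def correlate(events, window_seconds=300):
    """Pair each Navisworks crash with a .dwfx opened by Navisworks within the window before it."""
    opens = [ev for ev in events if ev.get("event_id") == 4663
             and ev.get("object", "").lower().endswith(".dwfx")
             and ev.get("process", "").lower().endswith("navisworks.exe")]
    alerts = []
    for crash in navisworks_crashes(events):
        t_crash = datetime.fromisoformat(crash["time"])
        for op in opens:
            gap = t_crash - datetime.fromisoformat(op["time"])
            if timedelta(0) <= gap <= timedelta(seconds=window_seconds):
                alerts.append({**crash, "file": op["object"]})
    return alerts
```

A crash alone (the notepad.exe record, or a Navisworks crash with no preceding .dwfx open) is not alerted on; only the pairing is, which keeps ordinary application crashes out of the alert stream.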