CVE-2024-12671

7.8 HIGH

📋 TL;DR

A maliciously crafted DWFX file opened in Autodesk Navisworks can crash the application or execute arbitrary code in the context of the user who opened it. Exploitation needs a user to open the file (double-click, or File > Open / Append inside Navisworks), so delivery is typically an email attachment or a file dropped into a shared project folder. Every user running an unpatched Navisworks release is affected; a successful exploit gives the attacker that user's privileges on the workstation.

💻 Affected Systems

Products:
  • Autodesk Navisworks
Versions: All versions prior to 2024.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the DWFX file parser component. All default installations are vulnerable.

📦 What is this software?

Autodesk Navisworks is Autodesk's 3D model review and project coordination application for architecture, engineering and construction. It aggregates models from many design formats into one scene for clash detection, 4D scheduling and design review, which means it routinely opens files produced outside the organisation. DWFX is the XPS-based variant of Autodesk's Design Web Format (a ZIP/OPC package) and is one of the published-model formats Navisworks reads, so DWFX files are commonly exchanged with external design teams.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full privileges of the current user, potentially leading to complete system takeover, data theft, or ransomware deployment.

🟠

Likely Case

Application crash or denial of service, with potential for limited code execution depending on exploit sophistication.

🟢

If Mitigated

Application crash with no code execution if exploit fails or security controls block it.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a user to open a crafted DWFX file in a vulnerable Navisworks release; no authentication or network access to the victim is needed beyond delivering the file. No public exploit is known at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3 and later

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027

Restart Required: Yes

Instructions:

1. Download the Navisworks 2024.3 (or later) update from Autodesk Account (manage.autodesk.com) or deploy it with Autodesk Access; do not take installers from third-party mirrors.
2. Install the update following standard installation procedures.
3. Restart the system to complete the update.
4. Confirm the new version in Help > About before returning the workstation to use.

🔧 Temporary Workarounds

Block DWFX file extensions

windows

Block DWFX files where they arrive rather than with Software Restriction Policies. Windows does not "execute" a .dwfx file: double-clicking one launches the Navisworks executable with the file as an argument, so an SRP or AppLocker rule on *.dwfx is not evaluated at all unless .dwfx has first been added to SRP's Designated File Types list, and even then it only blocks the double-click path. It does nothing for a file opened with File > Open or Append inside Navisworks. Put the block at the boundary instead: quarantine .dwfx attachments at the mail gateway, block the extension on the web proxy, and flag .dwfx files arriving from senders outside the project's known partners.

If you still want the policy as a speed bump, the original rule is: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.dwfx, Security Level: Disallowed (after adding dwfx under Designated File Types in the same policy).

Disable DWFX file association

windows

Remove the file association so a double-clicked DWFX no longer opens in Navisworks automatically. Export each key before deleting it so the change can be reverted after patching (adjust the backup path; run from an elevated prompt). HKEY_CLASSES_ROOT\.dwfx is a merged view of HKLM\SOFTWARE\Classes, so deleting it removes the machine-wide association for every DWF viewer on the host, including Autodesk Design Review; the FileExts key is the current user's override. This only breaks the double-click path: Explorer will prompt for an application, the user can still pick Navisworks, and File > Open inside Navisworks still feeds the file to the vulnerable parser. Treat it as a speed bump, not a control.

reg export "HKEY_CLASSES_ROOT\.dwfx" "C:\backup\dwfx-hkcr.reg" /y
reg delete "HKEY_CLASSES_ROOT\.dwfx" /f
reg export "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx" "C:\backup\dwfx-hkcu.reg" /y
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx" /f

🧯 If You Can't Patch

  • Application control (AppLocker or WDAC) does not stop Navisworks itself from parsing a malicious file, but a policy that blocks unsigned binaries and scripts launched from user-writable paths (Downloads, %TEMP%, %APPDATA%) removes the easy second stage once the parser has been exploited
  • Run Navisworks under a standard user account, never an administrator, so any code execution is confined to that user's rights on the workstation
  • Educate users to never open DWFX files from untrusted sources; quarantine DWFX attachments at the mail gateway and have project teams exchange models only through the managed document platform

🔍 How to Verify

Check if Vulnerable:

Check Navisworks version: Open Navisworks > Help > About. If version is earlier than 2024.3, system is vulnerable.

Check Version:

wmic product where "name like 'Autodesk Navisworks%'" get version

Caveat: wmic is deprecated and is absent on recent Windows 11 builds, and the Win32_Product class it queries makes Windows Installer re-validate every installed MSI, which is slow and can trigger repair actions on the host. Prefer reading DisplayName and DisplayVersion under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node equivalent), and treat Help > About as authoritative, since an applied update does not always change the base product's registry version.

Verify Fix Applied:

Verify Navisworks version is 2024.3 or later in Help > About menu.
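The version check and the post-patch verification above can be done in one pass from the Uninstall registry keys instead of Win32_Product. The following PowerShell is an added example, not part of the Autodesk advisory or this page's original text. It assumes the 2024.3 threshold named in this advisory and only compares DisplayVersion automatically when it looks like a year-based release string (2024.x); when the registry carries an internal build number instead, it reports the value for manual comparison against Help > About rather than guessing.

```powershell
# Added example (not from the Autodesk advisory). Inventory installed Navisworks
# editions from the Uninstall keys and flag each against the 2024.3 threshold.
# Assumption: a DisplayVersion whose major component is a year (>= 2000) is a
# release string comparable with 2024.3; anything else is left for manual review.
function Get-NavisworksInstall {
    param(
        [version]$MinimumVersion = [version]'2024.3'   # fixed release named in this advisory
    )
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -match 'Navisworks (Manage|Simulate|Freedom)' } |
            ForEach-Object {
                $parsed = $null
                $status = 'unknown: compare Help > About against the advisory'
                if ([version]::TryParse([string]$_.DisplayVersion, [ref]$parsed) -and $parsed.Major -ge 2000) {
                    $status = if ($parsed -lt $MinimumVersion) { 'VULNERABLE (update to 2024.3 or later)' } else { 'patched' }
                }
                [pscustomobject]@{
                    Product = $_.DisplayName
                    Version = $_.DisplayVersion
                    Status  = $status
                    Source  = $root
                }
            }
    }
}

# Run locally, or fan out with Invoke-Command over a host list, and review the table.
Get-NavisworksInstall | Format-Table -AutoSize
```

Use the output as an inventory, not as proof of patch state: Autodesk point updates do not always rewrite the base product's DisplayVersion, so a host that reports "patched" or "unknown" should still be spot-checked in Help > About, and a host reporting VULNERABLE goes straight onto the update list.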

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of the Navisworks executable (Roamer.exe on standard Manage, Simulate and Freedom installs; confirm the image name in your install directory, since the process is not named Navisworks.exe)
  • Windows Event Log: Application Error (Event ID 1000) and Windows Error Reporting (Event ID 1001) events whose "Faulting application name" is Roamer.exe, especially shortly after a DWFX file was opened
  • Child processes spawned by Roamer.exe (cmd.exe, powershell.exe, rundll32.exe and similar), visible in Sysmon Event ID 1 or Security Event ID 4688; a model viewer should not launch these

Network Indicators:

  • Outbound connections from the Navisworks process (Roamer.exe) to hosts outside your baseline of Autodesk licensing and update endpoints, shortly after a DWFX file is opened

SIEM Query:

index=windows source="WinEventLog:Application" (EventCode=1000 OR EventCode=1001) Message="*Roamer.exe*"

This is Splunk syntax for the Windows add-on; adjust field names to your SIEM. The faulting image is not a separate field on these events, it appears inside the message text ("Faulting application name: Roamer.exe, ..." for 1000, and as a parameter in the fault bucket for 1001), so match on the message rather than on a process_name field.
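The same indicators can be pulled from a suspect workstation's local event logs for triage. The PowerShell below is an added example, not part of the advisory or this page's original text. It assumes the Navisworks image is Roamer.exe (the executable name on standard Manage, Simulate and Freedom installs; check your install directory) and that Sysmon is installed with ProcessCreate (Event ID 1) and NetworkConnect (Event ID 3) enabled; reading the Sysmon log requires an elevated session.

```powershell
# Added example (not from the Autodesk advisory). Triage helper for the indicators
# listed above: Navisworks crashes, child processes of Navisworks, and outbound
# connections from Navisworks, over the last seven days.
# Assumptions: image name is Roamer.exe; Sysmon logging IDs 1 and 3 is present.
$Image = 'Roamer.exe'
$Since = (Get-Date).AddDays(-7)

# Application Error (1000) and Windows Error Reporting (1001) events whose
# message names the Navisworks executable as the faulting application.
function Get-NavisworksCrash {
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000, 1001; StartTime = $Since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Image) } |
        ForEach-Object {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Id     = $_.Id
                Detail = (($_.Message -split "`r?`n") | Select-Object -First 4) -join ' | '
            }
        }
}

# Sysmon: processes spawned by Navisworks (a model viewer has no reason to launch
# cmd/powershell/rundll32) and outbound connections made by the Navisworks process.
function Get-NavisworksSysmon {
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1, 3; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $ev   = $_
        $data = @{}
        # Flatten the EventData <Data Name="..."> elements into a hashtable.
        foreach ($n in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        if ($ev.Id -eq 1 -and $data['ParentImage'] -like "*\$Image") {
            [pscustomobject]@{ Time = $ev.TimeCreated; Type = 'ChildProcess'; Image = $data['Image']; Detail = $data['CommandLine'] }
        }
        elseif ($ev.Id -eq 3 -and $data['Image'] -like "*\$Image") {
            [pscustomobject]@{ Time = $ev.TimeCreated; Type = 'NetConnect'; Image = $data['Image']; Detail = "$($data['DestinationIp']):$($data['DestinationPort'])" }
        }
    }
}

Get-NavisworksCrash  | Format-Table -AutoSize
Get-NavisworksSysmon | Format-Table -AutoSize
```

A crash on its own is weak evidence (corrupt project files crash Navisworks too); a crash followed within minutes by a child process from Roamer.exe or a connection to an address outside your Autodesk licensing and update baseline is the combination worth escalating. Baseline the NetConnect results on a clean host first so legitimate Autodesk endpoints can be excluded.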

🔗 References

  • Autodesk security advisory ADSK-SA-2024-0027: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027
  • NVD entry for CVE-2024-12671: https://nvd.nist.gov/vuln/detail/CVE-2024-12671