CVE-2024-23148
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious CATPRODUCT files in affected Autodesk applications. The memory corruption occurs through CC5Dll.dll when parsing specially crafted files, potentially leading to full system compromise. Users of Autodesk products that process CATIA files are affected.
💻 Affected Systems
- Autodesk Fusion
- Autodesk Inventor
- Autodesk AutoCAD
- Autodesk Vault
📦 What is this software?
- Advance Steel by Autodesk
- AutoCAD by Autodesk
- AutoCAD MEP by Autodesk
- Civil 3D by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or remote code execution when users open malicious files, leading to malware installation or data exfiltration.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.
🎯 Exploit Status
Exploitation requires user interaction to open malicious files. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.3.1 and 2025.0.1
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Restart Required: Yes
Instructions:
1. Open affected Autodesk application.
2. Navigate to Help > About.
3. Check current version.
4. If below patched versions, use Autodesk Desktop App or download from Autodesk Account portal.
5. Install update and restart system.
🔧 Temporary Workarounds
Disable CATPRODUCT file association
Platform: Windows. Prevent CATPRODUCT files from automatically opening in vulnerable applications.
Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .CATPRODUCT to open with Notepad or other safe application
Implement application sandboxing
Platform: all. Run Autodesk applications in restricted environments.
Windows: Use Windows Sandbox or third-party sandboxing tools
macOS: Use built-in sandboxing features or third-party solutions
🧯 If You Can't Patch
- Implement strict file handling policies: Block CATPRODUCT files at email gateways and web proxies
- Apply principle of least privilege: Run Autodesk applications with limited user accounts, not administrator privileges
🔍 How to Verify
Check if Vulnerable:
Check Autodesk application version against vulnerable ranges (pre-2024.3.1 or pre-2025.0.1)
Check Version:
Windows: Open affected application > Help > About
macOS: Open affected application > [Application Name] > About [Application Name]
Verify Fix Applied:
Verify application version is 2024.3.1 or higher, or 2025.0.1 or higher
📡 Detection & Monitoring
Log Indicators:
- Application crashes in CC5Dll.dll
- Unexpected file parsing errors
- Memory access violation events in Windows Event Log
Network Indicators:
- CATPRODUCT file downloads from untrusted sources
- Unusual outbound connections after file opening
SIEM Query:
(EventID=1000 OR EventID=1001) AND SourceName LIKE '%Autodesk%' AND FaultingModule LIKE '%CC5Dll.dll%'
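The same crash indicator can be checked offline against exported Application log records. This is an added example, not code from the vendor advisory or from this page's source; it assumes events are exported as (event ID, message text) pairs, and `triage`, the field patterns and the sample records are constructed for illustration.

```python
import re

TARGET_MODULE = "cc5dll.dll"
ACCESS_VIOLATION = 0xC0000005  # NTSTATUS STATUS_ACCESS_VIOLATION
# Event ID 1000 ("Application Error") message layout.
APP_ERROR_RE = re.compile(
    r"Faulting application name: (?P<app>[^,\r\n]+),.*?"
    r"Faulting module name: (?P<module>[^,\r\n]+),.*?"
    r"Exception code: 0x(?P<code>[0-9a-fA-F]+)",
    re.DOTALL)
# Event ID 1001 (Windows Error Reporting, APPCRASH) problem signature:
# P1 = application, P4 = faulting module, P7 = exception code.
WER_RE = re.compile(
    r"Event Name: APPCRASH.*?^P1: (?P<app>\S+).*?^P4: (?P<module>\S+)"
    r".*?^P7: (?P<code>[0-9a-fA-F]+)",
    re.DOTALL | re.MULTILINE)
PARSERS = {1000: APP_ERROR_RE, 1001: WER_RE}

def triage(events):
    """Flag (event_id, message) crash records whose faulting module is CC5Dll.dll."""
    findings = []
    for event_id, message in events:
        pattern = PARSERS.get(event_id)  # only IDs 1000 and 1001 are crash records
        match = pattern.search(message) if pattern else None
        if not match or match["module"].strip().lower() != TARGET_MODULE:
            continue
        findings.append({
            "event_id": event_id,
            "app": match["app"].strip(),
            "access_violation": int(match["code"], 16) == ACCESS_VIOLATION,
        })
    return findings

# Constructed sample records (assumed export format, not real telemetry).
SAMPLE_EVENTS = [
    (1000, "Faulting application name: acad.exe, version: 0.0.0.0, time stamp: 0x00000000\n"
           "Faulting module name: CC5Dll.dll, version: 0.0.0.0, time stamp: 0x00000000\n"
           "Exception code: 0xc0000005\nFault offset: 0x0000000000001000"),
    (1000, "Faulting application name: acad.exe, version: 0.0.0.0, time stamp: 0x00000000\n"
           "Faulting module name: ntdll.dll, version: 0.0.0.0, time stamp: 0x00000000\n"
           "Exception code: 0xc0000374\nFault offset: 0x0000000000002000"),
    (1001, "Fault bucket , type 0\nEvent Name: APPCRASH\nResponse: Not available\n"
           "Problem signature:\nP1: Inventor.exe\nP2: 0.0.0.0\nP3: 00000000\n"
           "P4: CC5Dll.dll\nP5: 0.0.0.0\nP6: 00000000\nP7: c0000005\nP8: 0000000000001000"),
    (4624, "An account was successfully logged on. CC5Dll.dll"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```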