CVE-2024-23152

7.8 HIGH

📋 TL;DR

A maliciously crafted 3DM file can trigger a buffer overflow in Autodesk's opennurbs.dll library when the file is parsed. Successful exploitation could lead to arbitrary code execution, data theft, or application crashes. Users of affected Autodesk applications are at risk.

💻 Affected Systems

Products:
  • Autodesk applications using opennurbs.dll
Versions: Multiple versions prior to the patched release
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations that process 3DM files through affected Autodesk applications are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the same privileges as the current user, potentially leading to full system compromise.

🟠 Likely Case: Application crash or denial of service, with potential for limited data exfiltration.

🟢 If Mitigated: Application crash with no data exposure if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Autodesk security advisory ADSK-SA-2024-0010 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010

Restart Required: Yes

Instructions:

1. Identify affected Autodesk applications
2. Check Autodesk security advisory ADSK-SA-2024-0010
3. Update to the latest patched version
4. Restart the application

🔧 Temporary Workarounds

Restrict 3DM file processing (applies to: all platforms)

Block or restrict processing of 3DM files from untrusted sources

Application sandboxing (applies to: all platforms)

Run Autodesk applications with reduced privileges or in sandboxed environments

🧯 If You Can't Patch

  • Implement strict file validation for 3DM files
  • Use application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check whether the installed opennurbs.dll version is older than the patched release named in the Autodesk advisory ADSK-SA-2024-0010

Check Version:

Check the application's About dialog or use vendor-specific version-checking tools

Verify Fix Applied:

Verify that the application version matches or exceeds the patched version listed in the Autodesk advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing 3DM files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual file downloads of 3DM files
  • Network traffic from Autodesk applications to unexpected destinations

SIEM Query:

Search for application crash events related to Autodesk processes or memory access violations
