CVE-2024-8587
📋 TL;DR
A heap-based buffer overflow vulnerability in Autodesk AutoCAD's odxsw_dll.dll allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files. This affects AutoCAD users who process untrusted CAD files, potentially leading to complete system compromise. The vulnerability requires user interaction but can result in remote code execution.
💻 Affected Systems
- Autodesk AutoCAD
📦 What is this software?
- Advance Steel by Autodesk
- AutoCAD by Autodesk
- AutoCAD MEP by Autodesk
- Civil 3D by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the AutoCAD process, potentially leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Application crash or denial of service, with potential for limited code execution if the exploit is refined.
If Mitigated
No impact if users don't open untrusted SLDPRT files or if the application is patched.
🎯 Exploit Status
Requires the user to open a malicious SLDPRT file; exploit development requires an understanding of AutoCAD's file parsing and heap manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0019 for specific patched versions
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Restart Required: Yes
Instructions:
1. Open Autodesk Desktop App or access Autodesk Account
2. Check for available updates for AutoCAD
3. Apply the security update referenced in ADSK-SA-2024-0019
4. Restart AutoCAD after installation
🔧 Temporary Workarounds
Disable SLDPRT file association
(Windows) Prevent AutoCAD from automatically opening SLDPRT files
Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .sldprt to open with Notepad or another safe viewer
Implement file extension filtering
(All platforms) Block SLDPRT files at email gateways and web proxies
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized AutoCAD execution
- Train users to never open SLDPRT files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check AutoCAD version against affected versions listed in Autodesk advisory ADSK-SA-2024-0019
Check Version:
AutoCAD: Type ABOUT command in AutoCAD interface or check Help > About
Verify Fix Applied:
Verify AutoCAD version matches or exceeds patched version from Autodesk advisory
📡 Detection & Monitoring
Log Indicators:
- AutoCAD crash logs with odxsw_dll.dll references
- Windows Application Event Logs with AutoCAD faulting module odxsw_dll.dll
Network Indicators:
- Unusual outbound connections from AutoCAD process
- Downloads of SLDPRT files from untrusted sources
SIEM Query:
EventID=1000 AND ProcessName="acad.exe" AND FaultModuleName="odxsw_dll.dll"
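The SIEM query above, applied to exported Application log events, as an added example that is not part of the original page or of Autodesk's advisory. It assumes the English-locale message layout of Event ID 1000; the function names, host names and sample events are hypothetical and constructed for illustration.

```python
import re

# Fields of the English-locale "Application Error" (Event ID 1000) message text.
_FIELDS = {
    "app": re.compile(r"Faulting application name:\s*([^,\r\n]+)", re.I),
    "module": re.compile(r"Faulting module name:\s*([^,\r\n]+)", re.I),
    "exception_code": re.compile(r"Exception code:\s*(0x[0-9a-f]+)", re.I),
    "fault_offset": re.compile(r"Fault offset:\s*(0x[0-9a-f]+)", re.I),
}

def parse_crash(message):
    """Extract the crash fields from one Event ID 1000 message (None if absent)."""
    found = {name: rx.search(message) for name, rx in _FIELDS.items()}
    return {name: m.group(1).strip() if m else None for name, m in found.items()}

def matches_page_query(event_id, message):
    """EventID=1000 AND ProcessName="acad.exe" AND FaultModuleName="odxsw_dll.dll"."""
    if event_id != 1000:
        return False
    f = parse_crash(message)
    # Windows file names are case-insensitive, so compare lower-cased.
    return ((f["app"] or "").lower() == "acad.exe"
            and (f["module"] or "").lower() == "odxsw_dll.dll")

def hunt(events):
    """events: iterable of (host, event_id, message); returns hits with triage fields."""
    return [{"host": host, **parse_crash(msg)}
            for host, event_id, msg in events if matches_page_query(event_id, msg)]

def _msg(app, module, code):
    # Builds a constructed message in the Event ID 1000 layout; versions/offsets are dummies.
    return (f"Faulting application name: {app}, version: 0.0.0.0, time stamp: 0x00000000\r\n"
            f"Faulting module name: {module}, version: 0.0.0.0, time stamp: 0x00000000\r\n"
            f"Exception code: {code}\r\nFault offset: 0x0000000000012345\r\n")

# Constructed sample events; host names are made up.
SAMPLE_EVENTS = [
    ("WS-CAD-01", 1000, _msg("acad.exe", "odxsw_dll.dll", "0xc0000005")),
    ("WS-CAD-02", 1000, _msg("ACAD.EXE", "ODXSW_DLL.DLL", "0xc0000005")),  # casing differs
    ("WS-CAD-03", 1000, _msg("acad.exe", "ntdll.dll", "0xc0000374")),      # other module
    ("WS-CAD-04", 1000, _msg("other.exe", "odxsw_dll.dll", "0xc0000005")), # other process
    ("WS-CAD-05", 1001, _msg("acad.exe", "odxsw_dll.dll", "0xc0000005")),  # wrong event ID
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

WS-CAD-03 shows a limit of the query: when the Windows heap manager detects corruption, the crash is attributed to ntdll.dll with exception code 0xc0000374, so a filter on the faulting module alone does not match it.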