CVE-2024-8598

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in Autodesk AutoCAD's ACTranslators.exe allows attackers to execute arbitrary code by tricking users into opening malicious STP files. This affects AutoCAD users who process untrusted STP files. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: Multiple versions prior to the security update
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in ACTranslators.exe component when processing STP files. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with current user privileges, potentially leading to full system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash or limited code execution for privilege escalation if combined with other vulnerabilities.

🟢 If Mitigated

Denial of service through application crash if proper network segmentation and file validation are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users frequently exchange CAD files, making social engineering attacks effective within organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious STP file. Memory corruption vulnerabilities often lead to reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0019 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019

Restart Required: Yes

Instructions:

1. Open AutoCAD.
2. Navigate to Help > About.
3. Check for updates.
4. Install available security updates.
5. Restart AutoCAD and system if prompted.

🔧 Temporary Workarounds

Disable STP file association (Windows)

Prevent AutoCAD from automatically opening STP files.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .stp association to Notepad or other safe viewer

Implement file validation (Windows)

Use application whitelisting to block untrusted STP files.

Windows: Configure AppLocker or Windows Defender Application Control to restrict STP file execution. These controls govern executables and scripts rather than data files, so the rules take effect on the programs allowed to run on the workstation, not on the .stp file itself.

🧯 If You Can't Patch

  • Implement network segmentation to isolate AutoCAD workstations
  • Educate users to never open STP files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against patched versions listed in Autodesk Security Advisory ADSK-SA-2024-0019

Check Version:

In AutoCAD: Type 'ABOUT' command or check Help > About dialog

Verify Fix Applied:

Verify AutoCAD version is updated to patched version and test with known safe STP files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of ACTranslators.exe
  • Unexpected process creation from AutoCAD
  • Multiple failed STP file parsing attempts

Network Indicators:

  • Unusual outbound connections from AutoCAD workstations
  • STP file downloads from suspicious sources

SIEM Query:

(Process:ACTranslators.exe AND (EventID:1000 OR EventID:1001)) OR (FileExtension:.stp AND SourceIP:(suspicious_ips))
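
The crash indicator and event IDs above, as a local hunt over the Windows Application log. This is an added example, not from Autodesk or the original page; the 7-day window, the threshold of three crashes per day, and matching on message text are assumptions.

```powershell
# Added example: find ACTranslators.exe crash records in the Application log.
# Assumptions: 7-day look-back; Event ID 1000 (Application Error) and
# Event ID 1001 (Windows Error Reporting) are matched on their message text.
$since  = (Get-Date).AddDays(-7)
$filter = @{ LogName = 'Application'; Id = 1000, 1001; StartTime = $since }

# Get-WinEvent raises an error when nothing matches, so suppress it and test the result.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'ACTranslators\.exe' } |
    Select-Object TimeCreated, Id, ProviderName, MachineName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split '\r?\n')[0] } }

if ($crashes) {
    $crashes | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

    # Several crashes on one day line up with the
    # "multiple failed STP file parsing attempts" indicator.
    $crashes | Group-Object { $_.TimeCreated.Date } |
        Where-Object Count -ge 3 |
        ForEach-Object {
            Write-Warning "$($_.Count) ACTranslators.exe crashes on $($_.Name)"
        }
} else {
    Write-Output 'No ACTranslators.exe crash events in the last 7 days.'
}
```

A hit is a lead, not a verdict: compare the crash time with when and from where the user received the STP file before escalating.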
