CVE-2024-8600
📋 TL;DR
A memory corruption vulnerability in Autodesk AutoCAD allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files. This affects AutoCAD users who open untrusted CAD files. Successful exploitation gives attackers the same privileges as the AutoCAD process.
💻 Affected Systems
- Autodesk AutoCAD
📦 What is this software?
Autocad by Autodesk
Autocad Mep by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the AutoCAD user, potentially leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Application crash or limited data corruption when users open malicious files from untrusted sources.
If Mitigated
No impact if users only open trusted files from verified sources and AutoCAD runs with limited privileges.
🎯 Exploit Status
Exploitation requires user interaction to open malicious file. Memory corruption vulnerabilities can be complex to weaponize reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version specified in Autodesk advisory ADSK-SA-2024-0019
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019
Restart Required: Yes
Instructions:
1. Open AutoCAD. 2. Go to Help > About. 3. Check current version. 4. Visit Autodesk Trust Center. 5. Download and install the security update for your version. 6. Restart AutoCAD and computer.
🔧 Temporary Workarounds
Block SLDPRT file extensions
windowsPrevent AutoCAD from opening SLDPRT files via group policy or application restrictions
Group Policy: Computer Configuration > Administrative Templates > Windows Components > Attachment Manager > 'Do not preserve zone information' = Enabled
Run AutoCAD with limited privileges
allConfigure AutoCAD to run with standard user privileges instead of administrator rights
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of malicious code
- Educate users to never open CAD files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check AutoCAD version against affected versions in Autodesk advisory ADSK-SA-2024-0019Check Version:
In AutoCAD: Help > About or command line: acad.exe /versionVerify Fix Applied:
Verify AutoCAD version is updated to patched version specified in advisory📡 Detection & Monitoring
Log Indicators:
- AutoCAD crash logs with odxsw_dll.dll errors
- Windows Application Event Logs with AutoCAD faulting module odxsw_dll.dll
Network Indicators:
- Downloads of SLDPRT files from untrusted sources
- Outbound connections from AutoCAD process after file opening
SIEM Query:
EventID=1000 AND ProcessName="acad.exe" AND FaultingModule="odxsw_dll.dll"