CVE-2024-9997
📋 TL;DR
A memory corruption vulnerability in Autodesk AutoCAD's DWG file parser (acdb25.dll) allows attackers to crash applications, leak sensitive data, or execute arbitrary code by tricking users into opening malicious DWG files. This affects AutoCAD users who open untrusted DWG files. The vulnerability requires user interaction but can lead to full system compromise.
💻 Affected Systems
- Autodesk AutoCAD
📦 What is this software?
AutoCAD by Autodesk
AutoCAD LT by Autodesk
AutoCAD MEP by Autodesk
DWG TrueView by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the AutoCAD process, potentially leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Application crashes and denial of service from malformed files, with potential for limited data exposure or code execution in targeted attacks.
If Mitigated
Limited impact with proper security controls - crashes may occur but code execution is prevented by security mitigations like ASLR/DEP.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). Memory corruption vulnerabilities in file parsers are commonly weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0021 for specific patched versions
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
Restart Required: Yes
Instructions:
1. Open AutoCAD
2. Navigate to Help > About
3. Check for updates or use Autodesk Desktop App
4. Apply available security updates
5. Restart AutoCAD after installation
🔧 Temporary Workarounds
Restrict DWG file handling
Windows: Configure AutoCAD to only open DWG files from trusted sources using application control policies.
Disable automatic file opening
All: Configure AutoCAD to prompt before opening any DWG files rather than opening automatically.
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized AutoCAD execution
- Use email/web gateways to block DWG attachments from untrusted sources
- Train users to never open DWG files from unknown sources
🔍 How to Verify
Check if Vulnerable:
Check AutoCAD version against patched versions listed in Autodesk advisory ADSK-SA-2024-0021
Check Version:
In AutoCAD: Help > About or command line: acad.exe /version
Verify Fix Applied:
Verify AutoCAD version is updated to patched version and test with sample DWG files
📡 Detection & Monitoring
Log Indicators:
- AutoCAD crash logs with acdb25.dll references
- Unexpected process termination events
- Security logs showing file access to suspicious DWG files
Network Indicators:
- Downloads of DWG files from untrusted sources
- Unusual outbound connections after DWG file processing
SIEM Query:
(EventID=1000 OR EventID=1001) AND ProcessName="acad.exe" AND FaultModuleName="acdb25.dll"
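On a single Windows host, the same crash indicator can be checked directly against the Application event log. The script below is an added example, not part of the advisory or any Autodesk tooling. It assumes crashes are recorded as Event ID 1000 from the "Application Error" provider with the usual field order (application name first, module name fourth); the parameter names and the 30-day window are illustrative.

```powershell
# Added example: list acad.exe crashes whose faulting module is acdb25.dll.
# Assumption: Event ID 1000 ("Application Error") property layout is
#   [0] app name, [1] app version, [3] module name, [4] module version,
#   [6] exception code, [7] fault offset.
param(
    [int]$Days = 30,                  # look-back window (illustrative default)
    [string]$Process = 'acad.exe',
    [string]$Module  = 'acdb25.dll'
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $p = $e.Properties
    if ($p.Count -lt 8) { continue }              # unexpected layout, skip
    if ($p[0].Value -ine $Process) { continue }   # case-insensitive compare
    if ($p[3].Value -ine $Module)  { continue }
    [pscustomobject]@{
        Time          = $e.TimeCreated
        Computer      = $e.MachineName
        AppVersion    = $p[1].Value
        ModuleVersion = $p[4].Value
        ExceptionCode = $p[6].Value
        FaultOffset   = $p[7].Value
    }
}

if (-not $hits) {
    Write-Output "No $Process crashes in $Module during the last $Days days."
    return
}

# Individual crashes, newest first, for triage.
$hits | Sort-Object Time -Descending | Format-Table -AutoSize

# Repeated crashes at one offset point to the same file or file family being reopened.
$hits | Group-Object ExceptionCode, FaultOffset |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The AppVersion column also shows which AutoCAD build crashed, which can be compared against the patched versions in ADSK-SA-2024-0021.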