CVERadar

CVE-2024-1848

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00053/1

CVE-2024-1848 is a high-risk vulnerability affecting SOLIDWORKS Desktop, potentially allowing attackers to execute arbitrary code. This stems from multiple issues including heap-based buffer overflows, memory corruption, and use-after-free vulnerabilities within the file reading process. Successful exploitation of CVE-2024-1848 results in execution of malicious code when a specially crafted file (CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T) is opened. Given the existence of multiple vulnerabilities, exploitation could be easily chained for maximum impact. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates a moderate level of risk, suggesting that while not critical, the vulnerability should still be addressed to prevent potential exploitation. This is because of its presence "In The Wild." Addressing this vulnerability is crucial to prevent unauthorized code execution and maintain the integrity of SOLIDWORKS environments. A successful exploit can lead to system compromise and data breaches.

In The Wild
2024-03-22

2024-09-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-1848 | Dassault Systèmes SOLIDWORKS Desktop 2024/2024 SP1 File use after free
vuldb.com | 2025-04-13
A vulnerability has been found in Dassault Systèmes SOLIDWORKS Desktop 2024/2024 SP1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2024-1848. It is possible to launch the attack

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://www.3ds.com/vulnerability/advisories |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. |
| CWE-125 | Out-of-bounds Read | The software reads data past the end, or before the beginning, of the intended buffer. |
