CVERadar

CVE-2024-8587

Critical Severity
Vendor: Autodesk
SVRS: 70/100
CVSSv3: 7.8/10
EPSS: 0.0001/1

CVE-2024-8587 is a heap-based buffer overflow vulnerability in Autodesk AutoCAD. The flaw is triggered when a maliciously crafted SLDPRT file is parsed by odxsw_dll.dll. An attacker could exploit it to cause a crash, manipulate sensitive data, or execute arbitrary code in the context of the current process. The CVSS score is 7.8, indicating high severity, and the SOCRadar Vulnerability Risk Score (SVRS) is 70. Although that is below the critical threshold (above 80), it still represents a significant risk, and the "In The Wild" tag raises the concern further. Immediate patching and vigilance are recommended to mitigate potential exploitation and prevent unauthorized access or system compromise.

In The Wild
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2025-04-11

2024-10-29

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8587 | Autodesk AutoCAD 2025.1 SLDPRT File odxsw_dll.dll heap-based overflow (Nessus ID 210051)
vuldb.com, 2025-03-02
A vulnerability was found in Autodesk AutoCAD 2025.1. It has been classified as critical. Affected is an unknown function in the library odxsw_dll.dll of the component SLDPRT File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-8587

ZDI-24-1441: Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
zerodayinitiative.com, 2024-12-02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8587.

CVE-2024-8587 | Autodesk AutoCAD 2025.1 SLDPRT File odxsw_dll.dll heap-based overflow
vuldb.com, 2024-10-31
A vulnerability was found in Autodesk AutoCAD 2025.1. It has been classified as critical. Affected is an unknown function in the library odxsw_dll.dll of the component SLDPRT File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-8587. It

Social Media

🚨 Critical heap overflow in Autodesk AutoCAD 2025.1 SLDPRT File Handler (CVE-2024-8587). Remote exploitation possible. Update AutoCAD immediately and monitor for signs of compromise. #CyberSecurity #Vulnerability

Affected Software

Configuration 1
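| Type | Vendor | Product |
|------|--------|---------|
| App | Autodesk | autocad_mechanical |
| App | Autodesk | autocad_mep |
| App | Autodesk | advance_steel |
| App | Autodesk | autocad_plant_3d |
| App | Autodesk | autocad_architecture |
| App | Autodesk | civil_3d |
| App | Autodesk | autocad_electrical |
| App | Autodesk | autocad |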

References

| Reference | Link |
|-----------|------|
| [email protected] | https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 |

CWE Details

| CWE ID | CWE Name | Description |
|--------|----------|-------------|
| CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
