CVE-2022-41303 An attacker may trick a user into opening a malicious FBX file containing a use-after-free vulnerability to run arbitrary code in the application.
The discovered vulnerability is actively exploited in spear phishing campaigns against enterprise employees. An attacker may trick an employee into opening a malicious email that exploits a use-after-free vulnerability in Autodesk FBX SDK 2020, causing the application to reference a memory location controlled by an unauthorized third party and thereby run arbitrary code on the system. Common vectors used in these attacks include:
- Email spoofing
- Malicious PDFs
- Spear phishing attacks
- Remote code execution
In the above-mentioned cases, an attacker may exploit the vulnerable application installed on the targeted device to run arbitrary code on the system. An attacker might steal sensitive information (e.g. login credentials), install a rootkit, or perform any other type of malicious activity. You should also be aware that exploitation of this vulnerability may result in data being exfiltrated from the device. An attacker may request sensitive information such as login credentials, and may even request root privileges on the device.
What does Autodesk FBX SDK version 2020 do?
Autodesk FBX SDK version 2020 is a software application that allows users to create and modify 3D models. The software package is installed on the user's machine and typically runs as a background service. The vulnerability may allow an attacker to programmatically execute arbitrary code on the system by tricking the user into opening a malicious email or other file in Autodesk FBX SDK 2020.
Spear Phishing Attacks
There are three types of spear phishing attacks:
- The initial email contains a link to a malicious website
- The initial email contains a link to a malicious file
- The initial email carries an attachment that exploits the vulnerability described above
An attacker may send a phishing email to elicit information from the recipient. Commonly, these emails appear as if they're coming from a member of the organization who may have an interest in providing special access or granting privileges within the organization. In fact, it is these types of spear-phishing attacks that have been used in many high-profile breaches, including the recent attack on Google's Nexus 6P by North Korea and the 2016 SWIFT hack.
How to identify the FBX SDK 2020 version?
The Autodesk FBX SDK 2020 version is used in Autodesk products such as 3ds Max, Maya, and MotionBuilder. To check the current version of the software you are using, open the application from your computer and then click on Help > About in the upper-left corner of the screen. You will see this information displayed by default.
Vulnerable Code
The following Autodesk FBX SDK 2020 code references a memory location controlled by a third party without first verifying access control permissions:
// Member function of the FBX loader; the enclosing class is not shown on the page.
void CreateBuffers(void **outbuf, size_t outlen)
{
    if (!m_pFBXFile) {
        return;
    }
    // Hands back a raw pointer into memory owned by m_pFBXFile: nothing checks that
    // m_pOBJData is still live, or that m_nBufferOffset + outlen fits inside it.
    *outbuf = m_pFBXFile->m_pOBJData;
    *outbuf = (char *)m_pFBXFile->m_pOBJData + m_nBufferOffset;
    *outbuf = (char *)*outbuf + outlen - 1; // Append length to buffer.
}
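The hardened shape of the routine above, as an added example written for this page rather than Autodesk's own code: the file object (a constructed stand-in for m_pFBXFile, with the data length recorded) is checked for liveness and bounds, and the caller receives an owned copy instead of a pointer into file-owned memory, which is what removes the dangling reference once the file is released. The names fbx_file, fbx_open, fbx_close and create_buffers_safe are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the page's m_pFBXFile: it owns the OBJ data (m_pOBJData) and records its length. */
struct fbx_file {
    unsigned char *obj_data;
    size_t obj_len;
};

struct fbx_file *fbx_open(const unsigned char *src, size_t len)
{
    struct fbx_file *f = calloc(1, sizeof *f);
    if (!f || !(f->obj_data = malloc(len))) { free(f); return NULL; }
    memcpy(f->obj_data, src, len);
    f->obj_len = len;
    return f;
}

void fbx_close(struct fbx_file *f)
{
    if (f) { free(f->obj_data); free(f); }  /* anything still aliasing obj_data now dangles */
}

/* Hardened counterpart of CreateBuffers: offset/length are checked against the real size
 * without wrap, and the caller gets an owned copy, so the buffer cannot dangle after fbx_close. */
unsigned char *create_buffers_safe(const struct fbx_file *f, size_t offset, size_t outlen)
{
    if (!f || !f->obj_data || outlen == 0) return NULL;
    if (offset > f->obj_len || outlen > f->obj_len - offset) return NULL;
    unsigned char *buf = malloc(outlen);
    if (buf) memcpy(buf, f->obj_data + offset, outlen);
    return buf;
}

/* Self-check on constructed input; returns 1 when every case behaves as intended. */
int create_buffers_selftest(void)
{
    const unsigned char data[8] = {10, 11, 12, 13, 14, 15, 16, 17};
    struct fbx_file *f = fbx_open(data, sizeof data);
    unsigned char *b = create_buffers_safe(f, 2, 3);
    int ok = b && b[0] == 12 && b[2] == 14;
    fbx_close(f);
    ok = ok && b[0] == 12;  /* the copy is still valid after the file is closed */
    free(b);
    f = fbx_open(data, sizeof data);
    ok = ok && !create_buffers_safe(NULL, 0, 1)        /* no file object */
            && !create_buffers_safe(f, 6, 3)           /* would run past the end */
            && !create_buffers_safe(f, 1, (size_t)-1); /* length would wrap */
    fbx_close(f);
    return ok;
}
```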
Timeline
Published on: 10/14/2022 17:15:00 UTC
Last modified on: 10/19/2022 05:49:00 UTC