A series of critical vulnerabilities has been discovered in the file reading procedure used by eDrawings software from SOLIDWORKS 2023 through SOLIDWORKS 2024. The vulnerabilities include a heap-based buffer overflow, memory corruption, out-of-bounds read, out-of-bounds write, stack-based buffer overflow, type confusion, uninitialized variable, and use-after-free, all of which can be triggered while opening a specially crafted file in a format such as CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B, or X_T. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the victim's system.

Heap-based Buffer Overflow Vulnerability

When opening a specially crafted file, an attacker can trigger a heap-based buffer overflow by manipulating the size field in the file and supplying more data than the fixed-size buffer can hold. The resulting memory corruption can lead to arbitrary code execution.

Code Snippet

#include <stdlib.h>
#include <string.h>
/* Illustrative vulnerable pattern: data_size is trusted from the file,
   so any value above 1024 writes past the end of the heap buffer. */
void vulnerable_function(char *input_data, size_t data_size){
  char *buffer = (char*) malloc(1024 * sizeof(char));
  memcpy(buffer, input_data, data_size); /* no check that data_size <= 1024 */
}
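The hardened counterpart of the snippet above, added here as an example and not taken from eDrawings or any SOLIDWORKS code: the declared size is validated against the buffer capacity before any memory is allocated or written, and an out-of-range size is rejected rather than copied. The names hardened_copy, size_is_accepted and BUFFER_CAPACITY are assumptions chosen for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Fixed capacity matching the 1024-byte buffer in the vulnerable snippet. */
#define BUFFER_CAPACITY 1024u

/* Reports whether a size declared by the file would be accepted.
 * Zero-length and over-capacity sizes are both refused. */
int size_is_accepted(size_t data_size)
{
    return data_size != 0 && data_size <= BUFFER_CAPACITY;
}

/* Hypothetical hardened version of vulnerable_function: copies data_size
 * bytes into a freshly allocated buffer only when the size fits the
 * capacity. Returns NULL, having touched no memory, when the size is out
 * of range or allocation fails. The caller frees the returned buffer. */
char *hardened_copy(const char *input_data, size_t data_size)
{
    if (input_data == NULL || !size_is_accepted(data_size)) {
        return NULL;                       /* reject before allocating */
    }
    char *buffer = malloc(BUFFER_CAPACITY);
    if (buffer == NULL) {
        return NULL;
    }
    memcpy(buffer, input_data, data_size); /* data_size <= BUFFER_CAPACITY here */
    return buffer;
}

int main(void)
{
    /* Constructed inputs: one that fits, and one of the kind a tampered
     * size field could describe, far larger than the buffer. */
    char small[100];
    char large[4096];
    memset(small, 'A', sizeof small);
    memset(large, 'B', sizeof large);

    char *ok = hardened_copy(small, sizeof small);
    char *bad = hardened_copy(large, sizeof large);
    printf("100-byte input accepted:  %s\n", ok ? "yes" : "no");
    printf("4096-byte input accepted: %s\n", bad ? "yes" : "no");
    free(ok);
    free(bad);
    return 0;
}
```

The check is written as data_size <= BUFFER_CAPACITY on the declared size itself, not on a computed end pointer, so there is no arithmetic that a huge size field could wrap.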

Memory Corruption Vulnerability

A memory corruption vulnerability exists when opening maliciously crafted files. The software fails to properly handle an edge case, resulting in memory corruption, and potentially leading to arbitrary code execution.

Out-of-Bounds Read/Write Vulnerabilities

Out-of-bounds read and write vulnerabilities allow data to be read from or written to memory outside the defined bounds of a buffer, typically because an offset or length taken from the file is used without being checked against the buffer's actual size. When opening specially crafted files, an attacker can trigger these vulnerabilities and potentially execute arbitrary code.
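As an added example of the bounds checking a file parser needs, here is a reader for a hypothetical container of length-prefixed records (4-byte little-endian length followed by the payload). This format and the function names count_records, extract_first_payload and read_u32_le are assumptions for illustration; they do not describe the layout of any CAD format named above or any eDrawings code. Every comparison is written subtractively against the remaining bytes, so an oversized length field is caught on the read side and the copy into a fixed output buffer is guarded on the write side.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Decodes a 4-byte little-endian length; caller guarantees 4 bytes exist. */
static uint32_t read_u32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walks the records in buf[0..size). Returns the record count, or -1 as
 * soon as a length field would carry a read past the end of the buffer.
 * "size - offset" is always computed before comparing, so a length near
 * UINT32_MAX cannot wrap an "offset + len" sum into a small value. */
long count_records(const uint8_t *buf, size_t size)
{
    size_t offset = 0;
    long count = 0;
    while (offset < size) {
        if (size - offset < 4) {
            return -1;                 /* truncated length field */
        }
        uint32_t len = read_u32_le(buf + offset);
        offset += 4;
        if (len > size - offset) {
            return -1;                 /* payload would extend past the buffer */
        }
        offset += len;                 /* safe: len fits the remaining bytes */
        count++;
    }
    return count;
}

/* Copies the first record's payload into out (capacity out_cap).
 * Returns the number of bytes copied, or -1 if the record is malformed
 * (out-of-bounds read) or larger than the destination (out-of-bounds write). */
long extract_first_payload(const uint8_t *buf, size_t size,
                           uint8_t *out, size_t out_cap)
{
    if (size < 4) {
        return -1;
    }
    uint32_t len = read_u32_le(buf);
    if (len > size - 4) {
        return -1;                     /* read guard: payload not all present */
    }
    if (len > out_cap) {
        return -1;                     /* write guard: destination too small */
    }
    memcpy(out, buf + 4, len);
    return (long)len;
}

int main(void)
{
    /* Constructed sample buffers, not real file contents. */
    const uint8_t good[]  = {3, 0, 0, 0, 'a', 'b', 'c', 0, 0, 0, 0};  /* 2 records */
    const uint8_t huge[]  = {0xFF, 0xFF, 0xFF, 0xFF, 'x'};            /* bogus length */
    const uint8_t trunc[] = {5, 0, 0, 0, 'a'};                        /* payload cut off */
    uint8_t out[8];

    printf("good:  %ld records\n", count_records(good, sizeof good));
    printf("huge:  %ld\n", count_records(huge, sizeof huge));
    printf("trunc: %ld\n", count_records(trunc, sizeof trunc));
    printf("first payload of good: %ld bytes\n",
           extract_first_payload(good, sizeof good, out, sizeof out));
    printf("first payload into 2-byte out: %ld\n",
           extract_first_payload(good, sizeof good, out, 2));
    return 0;
}
```

A parser that instead checked offset + len <= size would pass the huge sample on a 32-bit build, because the addition wraps; checking len against size - offset has no such failure mode.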

Stack-based Buffer Overflow Vulnerability

Like the heap-based buffer overflow, a stack-based buffer overflow can be triggered by opening a specially crafted file, allowing the attacker to overwrite the return address on the stack. This gives control over the execution flow and can lead to execution of arbitrary code.

Type Confusion Vulnerability

A type confusion vulnerability occurs when the software uses an object of incorrect type. While opening a maliciously crafted file, an attacker can exploit a type confusion vulnerability, which also results in arbitrary code execution.

Uninitialized Variable Vulnerability

An uninitialized variable vulnerability arises when the software reads a variable before assigning it a value while parsing a maliciously crafted file; the leftover contents of that memory are then used as data or as a pointer, which can lead to arbitrary code execution.

Use-After-Free Vulnerability

A use-after-free vulnerability exists when the software mistakenly uses memory after it has been freed, resulting in arbitrary code execution. An attacker can exploit this vulnerability by triggering a use-after-free while opening a maliciously crafted file.

Original References

1. CVE-2024-1847 - Heap-based buffer overflow in eDrawings file reading procedure
2. SOLIDWORKS Security Notification - Official SOLIDWORKS security notification and patch details

Mitigation

To mitigate these vulnerabilities, users are advised to apply patches and updates from SOLIDWORKS as soon as they become available, and to exercise caution when opening files from unknown or untrusted sources. Regularly backing up important files and keeping antivirus software up to date are also advisable practices for limiting the consequences of successful exploitation.

Conclusion

The series of critical vulnerabilities found in the eDrawings file reading procedure from SOLIDWORKS 2023 through SOLIDWORKS 2024 could allow an attacker to execute arbitrary code on the victim's system. Users must remain proactive in applying patches and updates as they become available, as well as adopt defensive practices when using the software to avoid potential exploitation.

Timeline

Published on: 02/28/2024 18:15:45 UTC
Last modified on: 02/29/2024 13:49:47 UTC