CVE-2024-23122: Uncovering a Critical Vulnerability in opennurbs.dll for Autodesk® Applications through Malicious 3DM Files

Security researchers have discovered a critical vulnerability, assigned the identifier CVE-2024-23122, in opennurbs.dll for Autodesk® applications such as AutoCAD®, Fusion 360®, and 3ds Max®. This vulnerability can be exploited through a maliciously crafted 3DM file, potentially causing significant damage, including crashes, unauthorized access to sensitive data, and even arbitrary code execution. This blog post is aimed at explaining the details surrounding CVE-2024-23122, its potential impact, and providing references on how to mitigate this vulnerability.

The Vulnerability

CVE-2024-23122 specifically targets opennurbs.dll, a widely-used library for handling 3DM files in Autodesk® applications. When a specially crafted 3DM file is parsed by this library, it can trigger an Out-of-Bound Write, allowing a malicious actor to access unintended memory locations. This can result in a wide range of nefarious outcomes such as crashing the application, reading sensitive data, or even executing arbitrary code in the context of the current process.

Code Snippet

Let's take a look at a simplified code snippet that demonstrates how an opennurbs.dll function could parse a 3DM file in a vulnerable manner:

#include <iostream>
#include <cstring>

int loadImageData(char *filename, unsigned char *buffer, int bufferSize);

void parse_3dm_file(const char *filename) {
    const int MAX_BUFFER_SIZE = 1024;
    unsigned char buffer[MAX_BUFFER_SIZE];

    int imageSize = loadImageData(filename, buffer, MAX_BUFFER_SIZE);
    if (imageSize > MAX_BUFFER_SIZE) {
       // This introduces an Out-of-Bound Write vulnerability.
       memcpy(buffer, buffer + MAX_BUFFER_SIZE, imageSize - MAX_BUFFER_SIZE);
    }

    // More processing code here...
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        std::cout << "Usage: " << argv[] << " <file_path>" << std::endl;
        return 1;
    }

    parse_3dm_file(argv[1]);

    return ;
}

The problem in the code above is that the memcpy function is used unsafely, copying data from outside the allocated buffer. If the 3DM file has been designed in a malicious manner, this could lead to an Out-of-Bound Write, as noted in the comments.

Exploit Details

The CVE-2024-23122 vulnerability can be exploited by an attacker to cause several outcomes, depending on the attacker's goals:

1. Crash: Force a targeted application, running a vulnerable version of opennurbs.dll, to crash and become unresponsive.
2. Data Access: Read sensitive data from the running process, potentially including personal user information or proprietary company data.
3. Arbitrary Code Execution: Execute arbitrary code within the context of the current process, possibly gaining further control over the system.

Mitigation

To protect from this vulnerability, users are advised to update their Autodesk® software to the latest available versions. Autodesk® has released patches addressing CVE-2024-23122, which can be found in the links below:

- AutoCAD®: https://knowledge.autodesk.com/support/autocad/downloads
- Fusion 360®: https://help.autodesk.com/cloudhelp/ENU/Fusion360Patches
- 3ds Max®: https://knowledge.autodesk.com/support/3ds-max/downloads

Additionally, users should exercise caution when opening 3DM files from untrusted sources, as well as maintain up-to-date antivirus and antimalware software on their systems.

Conclusion

CVE-2024-23122 is a critical vulnerability affecting opennurbs.dll in Autodesk® applications and posing significant risks for users. It's essential to remain vigilant and take necessary precautions, such as updating your software and using caution with unknown 3DM files. Stay informed on the latest patches and updates to protect your valuable data and projects from potential harm.

Timeline

Published on: 02/22/2024 02:15:49 UTC
Last modified on: 08/01/2024 13:47:05 UTC