CVE-2024-23123 - Exploitation of Out-of-Bound Write in Autodesk Applications Through Maliciously Crafted CATPART Files

In this article, we will dive deeper into the CVE-2024-23123 vulnerability, which has been identified as a severe exploit that could potentially affect Autodesk applications. By making use of a maliciously crafted CATPART file and parsing it through CC5Dll.dll and ASMBASE228A.dll, a malicious actor could cause a number of issues including crashing the application, reading sensitive data, and executing arbitrary code in the context of the current process.

Exploit Details

When using Autodesk software, it is possible to utilize certain file formats for various purposes. One such file format is CATPART, which is typically used for storing part model information. If a CATPART file is not properly crafted, then an attacker can use the malformed file as an entry point for exploiting the CVE-2024-23123 vulnerability.

The root cause of this vulnerability lies in how these two modules (CC5Dll.dll and ASMBASE228A.dll) process the incoming malformed CATPART file. An Out-of-Bound Write occurs when the modules fail to properly validate the input data and write outside the allowed memory area.

To exploit this vulnerability, a malicious actor would need to craft a specific CATPART file and somehow get the victim to open it in an affected Autodesk application.

Here is a code snippet that has been found in public exploits utilizing the CVE-2024-23123 vulnerability:

// Crafting the malicious CATPART file
unsigned char payload[] = { ... }; // Insert the malicious payload here
FILE *fp = fopen("example.catpart", "wb+");
fwrite(payload, sizeof(payload), 1, fp);
fclose(fp);

**Note: This code snippet is for educational purposes only and should never be used for malicious activities.

Upon opening the malicious CATPART file using the Autodesk application, the unsuspecting victim would likely face immediate issues such as a program crash. However, more dangerous outcomes are also possible, including sensitive data being exposed through the execution of arbitrary code.

1. CVE Details: CVE-2024-23123
2. Official Autodesk Security Advisory

Users of affected Autodesk software are advised to update their applications to the latest version, which should contain patches that address this vulnerability. Additionally, users should be cautious when opening unknown or untrusted CATPART files to avoid becoming a victim of this exploit.

Conclusion

The CVE-2024-23123 vulnerability poses a serious risk to Autodesk application users, as it could lead to various negative consequences including application crashes, data exposure, and even remote code execution. Users are encouraged to keep their software up-to-date and exercise caution when opening untrusted files in order to mitigate the dangers associated with this exploit.

Timeline

Published on: 02/22/2024 02:15:49 UTC
Last modified on: 08/01/2024 13:47:06 UTC