CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
autodeskadvance_steel
2019 ≤
𝑥
< 2019.1.3
autodeskadvance_steel
2020 ≤
𝑥
< 2020.1.4
autodeskadvance_steel
2021 ≤
𝑥
< 2021.1.1
autodeskadvance_steel
2022 ≤
𝑥
< 2022.0.1
autodeskautocad
2019 ≤
𝑥
< 2019.1.3
autodeskautocad
2020 ≤
𝑥
< 2020.1.4
autodeskautocad
2021 ≤
𝑥
< 2021.1.1
autodeskautocad
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_architecture
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_architecture
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_architecture
2022 ≤
𝑥
≤ 2022.0.1
autodeskautocad_electrical
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_electrical
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_lt
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_lt
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_lt
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_lt
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_map_3d
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_map_3d
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_mechanical
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_mechanical
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_mep
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_mep
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_mep
2022 ≤
𝑥
< 2022.0.1
autodeskautocad_plant_3d
2019 ≤
𝑥
< 2019.1.3
autodeskautocad_plant_3d
2020 ≤
𝑥
< 2020.1.4
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.1
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.0.1
autodeskcivil_3d
2019 ≤
𝑥
< 2019.1.3
autodeskcivil_3d
2020 ≤
𝑥
< 2020.1.4
autodeskcivil_3d
2021 ≤
𝑥
< 2021.1.1
autodeskcivil_3d
2022 ≤
𝑥
< 2022.0.1
autodeskdwg_trueview
2022 ≤
𝑥
< 2022.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007