CVE-2024-11454: Untrusted Search Path vulnerability in Autodesk Revit
First published: Mon Dec 09 2024(Updated: )
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Revit Architecture |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-11454?
CVE-2024-11454 is rated as critical due to its potential for executing arbitrary code.
How do I fix CVE-2024-11454?
To mitigate CVE-2024-11454, ensure that no untrusted DLL files are placed in the same directory as RVT files.
Which software is affected by CVE-2024-11454?
CVE-2024-11454 affects Autodesk Revit and its associated applications.
What type of attack does CVE-2024-11454 enable?
CVE-2024-11454 enables code execution attacks via maliciously crafted DLL files.
What conditions lead to the vulnerability in CVE-2024-11454?
CVE-2024-11454 arises when untrusted search paths are utilized in the loading of DLL files by Autodesk Revit.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autodesk revit architecture