CVE-2024-37002: Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
First published: Tue Jun 25 2024(Updated: )
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk AutoCAD 2024 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-37002?
CVE-2024-37002 has been classified as a critical vulnerability due to its potential to allow code execution.
How do I fix CVE-2024-37002?
To fix CVE-2024-37002, update your Autodesk AutoCAD 2024 to the latest version provided by Autodesk.
What applications are affected by CVE-2024-37002?
CVE-2024-37002 specifically affects Autodesk AutoCAD 2024 when using the ASMkern229A.dll library.
What type of exploitation is possible with CVE-2024-37002?
CVE-2024-37002 can be exploited to execute arbitrary code by leveraging uninitialized variables in a maliciously crafted MODEL file.
Are there any workarounds for CVE-2024-37002?
As of now, there are no known workarounds for CVE-2024-37002, and updating the software is the recommended course of action.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/source
- agent/title
- agent/event
- agent/severity
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autodesk autocad 2024