2021-02-09 23:00:59 +00:00
{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
"ID" : "CVE-2021-27043" ,
2021-06-25 13:00:49 +00:00
"ASSIGNER" : "psirt@autodesk.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D" ,
"version" : {
"version_data" : [
{
2022-04-13 18:01:34 +00:00
"version_value" : "2022.1.1"
2021-06-25 13:00:49 +00:00
}
]
}
}
]
}
}
]
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Write-what-where Condition Vulnerabiliity"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "MISC" ,
2022-04-13 18:01:34 +00:00
"name" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007" ,
"url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
2021-06-25 13:00:49 +00:00
}
]
2021-02-09 23:00:59 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2021-06-25 13:00:49 +00:00
"value" : "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
2021-02-09 23:00:59 +00:00
}
]
}
}
