Mohamed Shetta

**Name of the Vulnerable Software and Affected Versions** SolidWorks Workgroup PDM version 2014 SP2 **Description** The issue is related to multiple stack-based buffer overflows in the pdmwService.exe component. This can be exploited by remote attackers who send a long string in specific opcodes to port 3000, potentially allowing them to execute arbitrary code. The opcodes in question are 2001, 2002, and 2003. **Recommendations** For SolidWorks Workgroup PDM version 2014 SP2, consider restricting access to port 3000 to minimize the risk of exploitation. As a temporary workaround, limiting the length of strings accepted by the pdmwService.exe component for opcodes 2001, 2002, and 2003 could help mitigate the issue until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolidWorks Workgroup PDM version 2014 **Description** The issue allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload, potentially leading to unauthorized file modifications. **Recommendations** For SolidWorks Workgroup PDM version 2014, consider restricting file upload capabilities to trusted sources until a fix is available. As a temporary workaround, implement strict validation and sanitization of filenames to prevent directory traversal attacks.