PT-2021-2169 · Luxion · Luxion Keyshot Viewer

Rgod · Published 2021-02-04 · Updated 2021-03-23 · CVE-2021-22645

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Luxion KeyShot versions prior to 10.1
Luxion KeyShot Viewer versions prior to 10.1
Luxion KeyShot Network Rendering versions prior to 10.1
Luxion KeyVR versions prior to 10.1

Description

The issue is related to insufficient warning about dangerous actions in the 3D model rendering software. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The .bip documents display a "load" command, which can be pointed to a .dll from a remote network share, allowing the .dll entry point to be executed without sufficient UI warning.

Recommendations

For Luxion KeyShot versions prior to 10.1, update to version 10.1 or later to resolve the issue.
For Luxion KeyShot Viewer versions prior to 10.1, update to version 10.1 or later to resolve the issue.
For Luxion KeyShot Network Rendering versions prior to 10.1, update to version 10.1 or later to resolve the issue.
For Luxion KeyVR versions prior to 10.1, update to version 10.1 or later to resolve the issue.

As a temporary workaround, consider disabling the "load" command in .bip documents to prevent execution of remote .dll files until a patch is available.
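
The description says the "load" command can point to a .dll on a remote network share. As an added example (not part of the advisory or of any vendor guidance), the Python below flags Sysmon image-load events (Event ID 7) in which a KeyShot-family process loads a module from a UNC path. The process-name fragments, the dict shape of the events and the sample events themselves are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: executable names of the affected products contain these fragments.
ASSUMED_PROCESS_HINTS = ("keyshot", "keyvr")

# Remote forms: \\host\share\... and \\?\UNC\host\share\...
# Local forms such as \\?\C:\... and \\.\device are excluded by the lookahead.
UNC_RE = re.compile(r"^(?:\\\\\?\\UNC\\|\\\\(?![?.]\\))", re.IGNORECASE)


def is_remote_path(path):
    """True if the path names a network share (mapped drives cannot be told apart here)."""
    return bool(UNC_RE.match(path.strip()))


def suspicious_loads(events):
    """Return (process, module) pairs for remote image loads by KeyShot-family processes."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7:  # Sysmon Event ID 7 = image (module) loaded
            continue
        proc = PureWindowsPath(ev.get("Image", "")).name.lower()
        if not any(hint in proc for hint in ASSUMED_PROCESS_HINTS):
            continue
        module = ev.get("ImageLoaded", "")
        if is_remote_path(module):
            hits.append((proc, module))
    return hits


# Constructed sample events (install paths, hosts and file names are made up).
KS = r"C:\Program Files\KeyShot10\bin\keyshot.exe"
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": KS, "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"EventID": 7, "Image": KS, "ImageLoaded": r"\\fileserver.example\share\plugin.dll"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"\\fileserver.example\share\ext.dll"},
    {"EventID": 1, "Image": KS, "CommandLine": "keyshot.exe scene.bip"},
    {"EventID": 7, "Image": r"C:\Program Files\KeyVR\keyvr.exe", "ImageLoaded": r"\\?\UNC\10.0.0.5\drop\x.dll"},
    {"EventID": 7, "Image": KS, "ImageLoaded": r"\\?\C:\Program Files\KeyShot10\bin\core.dll"},
]

if __name__ == "__main__":
    for proc, module in suspicious_loads(SAMPLE_EVENTS):
        print(f"ALERT {proc} loaded remote module {module}")
```

Image-load logging is not enabled in a default Sysmon configuration, so the events this check consumes only exist where an ImageLoad rule covers the affected processes.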

Fix


Weakness Enumeration

Related Identifiers

BDU:2021-01071
CVE-2021-22645
ZDI-21-323

Affected Products

Luxion Keyshot
Luxion Keyshot Network Rendering
Luxion Keyshot Viewer
Luxion Keyvr