PT-2024-25037 · Dassault Systèmes · eDrawings

Author: Mat Powell · Published: 2024-03-08 · Updated: 2024-09-02 · CVE-2024-3299

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: eDrawings, versions Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Description: The issue exists in the file reading procedure: an attacker can execute arbitrary code when a user opens a specially crafted SLDDRW or SLDPRT file. It is caused by Out-of-Bounds Write, Use of Uninitialized Resource, and Use-After-Free vulnerabilities.

Recommendations: For versions Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024, avoid opening SLDDRW and SLDPRT files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the file reading procedure to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Use of Uninitialized Resource; Memory Corruption; Use After Free

Related Identifiers: CVE-2024-3299, ZDI-24-253, ZDI-24-261, ZDI-24-267

Affected Products: eDrawings