CVE-2024-12192

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description: A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write issue. This can be leveraged by a malicious actor to cause a crash, data corruption, or execute arbitrary code in the context of the current process. The issue is related to a buffer overflow in memory, which can allow an attacker to cause a denial of service or execute arbitrary code.

Recommendations: For Autodesk Navisworks Freedom, consider disabling DWF file parsing until a patch is available. For Autodesk Navisworks Simulate, restrict the use of DWF files to minimize the risk of exploitation. For Autodesk Navisworks Manage, avoid parsing specially crafted DWF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.