CVE-2024-12179

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description: A maliciously crafted DWFX file can cause a Heap-based Overflow vulnerability when parsed through Autodesk Navisworks. This can be leveraged by a malicious actor to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. The vulnerability is related to a buffer overflow in dynamic memory.

Recommendations: For Autodesk Navisworks Freedom, consider disabling the DWFX file parsing functionality until a patch is available. For Autodesk Navisworks Simulate, restrict access to the DWFX file parsing module to minimize the risk of exploitation. For Autodesk Navisworks Manage, avoid using the DWFX file parsing feature in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.