CVE-2024-12194

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can cause a memory corruption issue. This can allow a malicious actor to execute arbitrary code in the context of the current process. The vulnerability is related to the copying of a buffer without checking the size of the input data.

Recommendations: For Autodesk Navisworks Freedom, consider disabling the DWFX file parsing functionality until a patch is available. For Autodesk Navisworks Simulate, restrict access to the DWFX file parsing module to minimize the risk of exploitation. For Autodesk Navisworks Manage, avoid using the affected DWFX file parsing functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.