CVE-2024-12670

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description: The issue is related to a Heap-based Overflow vulnerability in the DWF file parsing functionality. This vulnerability can be exploited by a malicious actor using a specially crafted DWF file, potentially allowing them to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Recommendations: For Autodesk Navisworks Freedom, consider disabling the DWF file parsing functionality until a patch is available. For Autodesk Navisworks Simulate, restrict access to the DWF file parsing module to minimize the risk of exploitation. For Autodesk Navisworks Manage, avoid using the DWF file parsing functionality with untrusted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.