CVE-2024-12200

Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified) Autodesk Navisworks Simulate (affected versions not specified) Autodesk Navisworks Manage (affected versions not specified)

Description: The issue is related to an Out-of-Bounds Write vulnerability when handling a maliciously crafted DWFX file. This can allow an attacker to cause a crash, data corruption, or execute arbitrary code in the context of the current process. The vulnerability is associated with the parsing of DWFX files in Autodesk Navisworks software.

Recommendations: For Autodesk Navisworks Freedom, consider disabling the DWFX file parsing functionality until a patch is available. For Autodesk Navisworks Simulate, restrict access to the DWFX file parsing module to minimize the risk of exploitation. For Autodesk Navisworks Manage, avoid using the DWFX file parsing feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.