A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00093.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Autodesk Subscribe
Advance Steel Subscribe
Autocad Subscribe
Autocad Advance Steel Subscribe
Autocad Architecture Subscribe
Autocad Civil 3d Subscribe
Autocad Electrical Subscribe
Autocad Map 3d Subscribe
Autocad Mechanical Subscribe
Autocad Mechnaical Subscribe
Autocad Mep Subscribe
Autocad Plant 3d Subscribe
Civil 3d Subscribe

Configuration 1 [-]

OR cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*

Configuration 9 [-]

OR cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-20652 A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002 cve-icon cve-icon
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004 cve-icon cve-icon
History

Wed, 27 Aug 2025 02:30:00 +0900

Type Values Removed Values Added
First Time appeared Autodesk autocad Mechnaical
CPEs cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
Vendors & Products Autodesk autocad Mechnaical

Sun, 13 Jul 2025 22:45:00 +0900

Type Values Removed Values Added
Metrics epss

{'score': 0.00192}

 epss

{'score': 0.00261}

Sat, 12 Apr 2025 01:15:00 +0900

Type Values Removed Values Added
First Time appeared Autodesk advance Steel
Autodesk autocad Architecture
Autodesk autocad Electrical
Autodesk autocad Map 3d
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Autodesk civil 3d
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Vendors & Products Autodesk advance Steel
Autodesk autocad Architecture
Autodesk autocad Electrical
Autodesk autocad Map 3d
Autodesk autocad Mechanical
Autodesk autocad Mep
Autodesk autocad Plant 3d
Autodesk civil 3d

Tue, 28 Jan 2025 04:15:00 +0900

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Civil 3d
CPEs cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_advance_steel:2025:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:2024:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk autocad
Autodesk autocad Advance Steel
Autodesk autocad Civil 3d
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Jan 2025 03:15:00 +0900

Type Values Removed Values Added
Description A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Title Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2025-08-26T20:28:41.833Z

Reserved: 2024-01-11T21:47:40.856Z

Link: CVE-2024-23133

cve-icon Vulnrichment

Updated: 2024-08-01T22:59:31.217Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-22T04:15:08.917

Modified: 2025-12-31T00:40:45.947

Link: CVE-2024-23133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses