CVE-2024-3299
CVSS 3.1 Score 7.8 of 10 (high)
Attack Complexity low
Confidentiality high
Integrity high
Availability high
Scope unchanged
Privileges Required none
Details
Published Apr 4, 2024
CWE ID 787
CWE ID 416
CWE ID 908
Summary
CVE-2024-3299 is a critical vulnerability affecting eDrawings from SOLIDWORKS 2023 to 2024. This issue consists of three distinct flaws: Out-Of-Bounds Write, Use of Uninitialized Resource, and Use-After-Free. These vulnerabilities are present in the file reading procedure and can be exploited by an attacker to execute arbitrary code. The vulnerability arises when opening a maliciously crafted SLDDRW or SLDPRT file. This issue was previously identified as part of CVE-2024-1847 but has since been split into a separate vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share