ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-12200.

chromium-131.0.6778.204-1.el10_0

FEDORA-EPEL-2024-b98ed0b39c Packages in this update: chromium-131.0.6778.204-1.el10_0 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

chromium-131.0.6778.204-1.el8

FEDORA-EPEL-2024-c27d1a40bc Packages in this update: chromium-131.0.6778.204-1.el8 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

chromium-131.0.6778.204-1.fc41

FEDORA-2024-21c7531146 Packages in this update: chromium-131.0.6778.204-1.fc41 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

chromium-131.0.6778.204-1.fc40

FEDORA-2024-4808dce926 Packages in this update: chromium-131.0.6778.204-1.fc40 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

chromium-131.0.6778.204-1.el9

FEDORA-EPEL-2024-74ea1d7890 Packages in this update: chromium-131.0.6778.204-1.el9 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

USN-7178-1: DPDK vulnerability

It was discovered that DPDK incorrectly handled the Vhost library checksum offload feature. An malicious guest could possibly use this...

December 19, 2024

CISA Urges Encrypted Messaging After Salt Typhoon Hack

Ransomware Attackers Target Industries with Low Downtime Tolerance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

Mailbox Insecurity

New Malware Can Kill Engineering Processes in ICS Environments

EU Opens Door for AI Training Using Personal Data

Crypto-Hackers Steal $2.2bn as North Koreans Dominate

ZDI-24-1710: Autodesk Navisworks Freedom DWFX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

chromium-131.0.6778.204-1.el10_0

chromium-131.0.6778.204-1.el8

chromium-131.0.6778.204-1.fc41

chromium-131.0.6778.204-1.fc40

chromium-131.0.6778.204-1.el9

USN-7178-1: DPDK vulnerability