Design Review
CVE-2021-27033
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process.
AnalysisAI
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process. Affected products include: Autodesk Design Review.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Design Review
View allA Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PD
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitra
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
Same weakness CWE-415 – Double Free
View allShare
External POC / Exploit Code
Leaving vuln.today