Rewterz Threat Alert – AcidRain Wiper – Active IOCs – Russian-Ukrainian Cyber Warfare
April 6, 2022Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
April 6, 2022Rewterz Threat Alert – AcidRain Wiper – Active IOCs – Russian-Ukrainian Cyber Warfare
April 6, 2022Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
April 6, 2022Severity
High
Analysis Summary
CVE-2022-27528 CVSS:7.8
Autodesk Navisworks Freedom and Autodesk Navisworks Manage could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when parsing DWFX and SKP files. By persuading a victim to open a specially-crafted file or visit a malicious page, an attacker could exploit this vulnerability to execute arbitrary code on the system in the context of the current process.
CVE-2022-25796 CVSS:7.8
Autodesk Navisworks Freedom could allow a remote attacker to execute arbitrary code on the system, caused by a double-free flaw when parsing DWF files. By persuading a victim to open a specially-crafted DWF file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicator Of Compromise
CVE
- CVE-2022-27528
- CVE-2022-25796
Affected Vendors
Autodesk
Affected Products
- Autodesk Navisworks Freedom 2022
- Autodesk Navisworks Manage 2022
Remediation
Refer to Autodesk Security Advisory for patch, upgrade or suggested workaround information.