NVD Vulnerability Detail

CVE-2021-27040

Summary	A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
Publication Date	June 25, 2021, 10:15 p.m.
Registration Date	June 26, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 2:57 p.m.

CVSS3.1 : LOW
スコア	3.3
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:autodesk:advance_steel::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:advance_steel::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:advance_steel::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:advance_steel::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_architecture::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_architecture::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_architecture::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_architecture::::::::	2022	2022.0.1
cpe:2.3:a:autodesk:civil_3d::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:civil_3d::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:civil_3d::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:civil_3d::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_electrical::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_electrical::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_electrical::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_electrical::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_lt::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_lt::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_lt::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_lt::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_map_3d::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_map_3d::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_map_3d::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_map_3d::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_mechanical::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_mechanical::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_mechanical::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_mechanical::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_mep::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_mep::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_mep::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_mep::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:autocad_plant_3d::::::::	2019			2019.1.3
cpe:2.3:a:autodesk:autocad_plant_3d::::::::	2020			2020.1.4
cpe:2.3:a:autodesk:autocad_plant_3d::::::::	2021			2021.1.1
cpe:2.3:a:autodesk:autocad_plant_3d::::::::	2022			2022.0.1
cpe:2.3:a:autodesk:dwg_trueview::::::::	2022			2022.1.1

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:iconics:genesis64::::::::			10.97

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:mitsubishielectric:mc_works64::::::::			4.04e

Related information, measures and tools

No	URL	タグ
1	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004	Vendor Advisory
2	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004	Vendor Advisory
3	https://www.zerodayinitiative.com/advisories/ZDI-21-1236/	Third Party Advisory VDB Entry
4	https://www.zerodayinitiative.com/advisories/ZDI-21-1236/	Third Party Advisory VDB Entry
5	https://www.zerodayinitiative.com/advisories/ZDI-21-1238/	Third Party Advisory VDB Entry
6	https://www.zerodayinitiative.com/advisories/ZDI-21-1238/	Third Party Advisory VDB Entry
7	https://www.zerodayinitiative.com/advisories/ZDI-22-378/	Third Party Advisory VDB Entry
8	https://www.zerodayinitiative.com/advisories/ZDI-22-378/	Third Party Advisory VDB Entry
9	https://www.zerodayinitiative.com/advisories/ZDI-22-473/	Third Party Advisory VDB Entry
10	https://www.zerodayinitiative.com/advisories/ZDI-22-473/	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html