CVE-2019-7364

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Published: Aug 23, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-7364
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
autodesk / advance_steel	2018	2018.x
autodesk / autocad	2018	2018.x
autodesk / autocad_architecture	2018	2018.x
autodesk / autocad_electrical	2018	2018.x
autodesk / autocad_lt	2018	2018.x
autodesk / autocad_map_3d	2018	2018.x
autodesk / autocad_mechanical	2018	2018.x
autodesk / autocad_mep	2018	2018.x
autodesk / autocad_plant_3d	2018	2018.x
autodesk / civil_3d	2018	2018.x
autodesk / autocad_plant_3d	2017	2017.x
autodesk / autocad_plant_3d	2019	2019.x
autodesk / autocad_plant_3d	2020	2020.x
autodesk / autocad_mep	2017	2017.x
autodesk / autocad_mep	2019	2019.x
autodesk / autocad_mep	2020	2020.x
autodesk / autocad_mechanical	2017	2017.x
autodesk / autocad_mechanical	2019	2019.x
autodesk / autocad_mechanical	2020	2020.x
autodesk / autocad_map_3d	2017	2017.x
autodesk / autocad_map_3d	2019	2019.x
autodesk / autocad_map_3d	2020	2020.x
autodesk / autocad_electrical	2017	2017.x
autodesk / autocad_electrical	2019	2019.x
autodesk / autocad_electrical	2020	2020.x
autodesk / advance_steel	2017	2017.x
autodesk / advance_steel	2019	2019.x
autodesk / advance_steel	2020	2020.x
autodesk / autocad_architecture	2017	2017.x
autodesk / autocad_architecture	2019	2019.x
autodesk / autocad_architecture	2020	2020.x
autodesk / autocad_p&id	2017	2017.x
autodesk / civil_3d	2017	2017.x
autodesk / civil_3d	2019	2019.x
autodesk / civil_3d	2020	2020.x
autodesk / autocad	2017	2017.x
autodesk / autocad	2019	2019.x
autodesk / autocad	2020	2020.x
autodesk / autocad_lt	2017	2017.x
autodesk / autocad_lt	2019	2019.x
autodesk / autocad_lt	2020	2020.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002

Vulnerability Database

289,697

CVE-2019-7364