Microsoft Out-of-Band Advisory Addresses Autodesk FBX Vulnerabilities
2020-04-22 21:36

Microsoft issued an out-of-band advisory this week to address Autodesk FBX vulnerabilities in Office, Office 365, and Paint 3D. Multiple bugs that were addressed in the Autodesk FBX software development kit earlier this month could lead to code execution and denial of service conditions.

2020.0 or earlier could be impacted by "Buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities," Autodesk explains.

According to Microsoft, the use of the Autodesk FBX library in some of its products has resulted in remote code execution vulnerabilities that are triggered when processing specially crafted 3D content.

"The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software," the tech giant notes in an advisory.

"Some may question how Microsoft Office is vulnerable to an Autodesk vulnerability. It's not poor security practices on Microsoft's part by any means, but vulnerabilities like these are a good example of how incorporating another group's tools and code means that you also incorporate their vulnerabilities into your own product - in this case, Microsoft Office, Office 365 ProPlus, and Paint 3D," Seguin continued.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/HAeNrQHIDPg/microsoft-out-band-advisory-addresses-autodesk-fbx-vulnerabilities

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774
Autodesk 43 1 5 167 9 182