2022

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

autodesk

CWE-1284

NVD

Published: 2022-08-10

Updated: 2023-08-08

Summary

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

Vulnerable Configurations

Part	Description	Count
Application	Autodesk Autodesk 3DS MAX * Autodesk 3DS MAX 2021 Autodesk 3DS MAX 2021.3.8 Autodesk 3DS MAX 2022	4

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006