CVE-2022-33890
Published on: Not Yet Published
Last Modified on: 12/03/2022 02:22:00 AM UTC
Certain versions of Autocad from Autodesk contain the following vulnerability:
A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
- CVE-2022-33890 has been assigned by
psi[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | NONE | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Security Advisories | Autodesk Trust Center | www.autodesk.com text/html |
MISC www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 |
There are currently no QIDs associated with this CVE
Exploit/POC from Github
This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file i…
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Autodesk | Autocad | All | All | All | All |
| Application | Autodesk | Autocad Advance Steel | All | All | All | All |
| Application | Autodesk | Autocad Architecture | All | All | All | All |
| Application | Autodesk | Autocad Civil 3d | All | All | All | All |
| Application | Autodesk | Autocad Electrical | All | All | All | All |
| Application | Autodesk | Autocad Lt | All | All | All | All |
| Application | Autodesk | Autocad Map 3d | All | All | All | All |
| Application | Autodesk | Autocad Mechanical | All | All | All | All |
| Application | Autodesk | Autocad Mep | All | All | All | All |
| Application | Autodesk | Autocad Plant 3d | All | All | All | All |
| Application | Autodesk | Design Review | 2018 | - | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix2 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix3 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix4 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix5 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix6 | All | All |
- cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix5:*:*:*:*:*:*:
- cpe:2.3:a:autodesk:design_review:2018:hotfix6:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2022-33890 : A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lea… twitter.com/i/web/status/1… | 2022-10-03 15:09:27 |
 /r/netcve |
CVE-2022-33890 | 2022-10-03 15:38:30 |