CVE-2023-2762 - OpenCVE

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
3ds	3dexperience Solidworks

Configuration 1 [-]

cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.3ds.com/vulnerability/advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: 3DS

Published: 2023-07-12T07:05:26.301Z

Updated: 2023-07-12T07:10:20.317Z

Reserved: 2023-05-17T15:42:19.316Z

Link: CVE-2023-2762

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-12T08:15:09.953

Modified: 2023-07-20T01:49:48.370

Link: CVE-2023-2762

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2762", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-05-17T15:42:19.316Z", "datePublished": "2023-07-12T07:05:26.301Z", "dateUpdated": "2023-07-12T07:10:20.317Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-07-12T07:10:20.317Z"}, "title": "Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use After Free", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "SOLIDWORKS Desktop", "versions": [{"status": "affected", "version": "Release SOLIDWORKS 2021 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1", "versionType": "custom"}, {"status": "affected", "version": "Release SOLIDWORKS 2022 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5", "versionType": "custom"}, {"status": "affected", "version": "Release SOLIDWORKS 2023 Golden", "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted file."}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "credits": [{"lang": "en", "value": "Mat Powell from Trend Micro's Zero Day Initiative", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}]}}}