The version of Autodesk Navisworks Simulate installed on the remote host is prior to 25.0.999.0 (2025.3). It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory.

  - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-     of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data,     or execute arbitrary code in the context of the current process. (CVE-2024-7670)

  - A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-     of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data,     or execute arbitrary code in the context of the current process. (CVE-2024-7671)

  - A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-     of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data,     or execute arbitrary code in the context of the current process. (CVE-2024-7672)

  - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-     based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute     arbitrary code in the context of the current process. (CVE-2024-7673)

  - A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-     based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute     arbitrary code in the context of the current process. (CVE-2024-7674)

  - A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-     After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code     in the context of the current process. (CVE-2024-7675)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Autodesk Navisworks Simulate 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)

high Nessus Plugin ID 208743

Version 1.2