Detections
Analytics
Autodesk Revit 2024.x < 2024.2.2 / 2025.x < 2025.3 PDF File Parsing Out-of-Bounds Write (ADSK-SA-2024-0018)
high Nessus Plugin ID 209289
Synopsis
An application installed on the remote Windows host is affected by an out-of-bounds write vulnerability.Description
The version of Autodesk Revit installed on the remote Windows host is 2024.x prior to 2024.2.2 or 2025.x prior to 2025.3. It is, therefore, affected by an out-of-bounds write vulnerability:- A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. (CVE-2024-7993)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Autodesk Revit 2024.2.2 or 2025.3 or later.See Also
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0018
Plugin Details
Severity: High
ID: 209289
File Name: autodesk_revit_ADSK-SA-2024-0018.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 10/18/2024
Updated: 10/18/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-7993
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:autodesk:revit
Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk Revit
Patch Publication Date: 10/15/2024
Vulnerability Publication Date: 10/15/2024
Reference Information
CVE: CVE-2024-7993
IAVA: 2024-A-0678