Vulnerability Details CVE-2021-27031
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
- https://www.zerodayinitiative.com/advisories/ZDI-21-1069/
- https://www.zerodayinitiative.com/advisories/ZDI-21-468/
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
- https://www.zerodayinitiative.com/advisories/ZDI-21-1069/
- https://www.zerodayinitiative.com/advisories/ZDI-21-468/
Products affected by CVE-2021-27031
-
cpe:2.3:a:autodesk:fbx_review:-
-
cpe:2.3:a:autodesk:fbx_review:1.4.0
-
cpe:2.3:a:autodesk:fbx_review:1.4.1.0
-
cpe:2.3:a:autodesk:fbx_review:1.5.0