Vulnerability Details CVE-2024-11608
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2024-11608
-
cpe:2.3:a:autodesk:revit:2023
-
cpe:2.3:a:autodesk:revit:2023.0.1
-
cpe:2.3:a:autodesk:revit:2023.0.2
-
cpe:2.3:a:autodesk:revit:2023.1
-
cpe:2.3:a:autodesk:revit:2023.1.1
-
cpe:2.3:a:autodesk:revit:2023.1.1.1
-
cpe:2.3:a:autodesk:revit:2023.1.2
-
cpe:2.3:a:autodesk:revit:2023.1.3
-
cpe:2.3:a:autodesk:revit:2023.1.4
-
cpe:2.3:a:autodesk:revit:2023.1.5
-
cpe:2.3:a:autodesk:revit:2024
-
cpe:2.3:a:autodesk:revit:2024.0.2
-
cpe:2.3:a:autodesk:revit:2024.1
-
cpe:2.3:a:autodesk:revit:2024.1.1
-
cpe:2.3:a:autodesk:revit:2024.2
-
cpe:2.3:a:autodesk:revit:2024.2.1
-
cpe:2.3:a:autodesk:revit:2024.2.2
-
cpe:2.3:a:autodesk:revit:2024.3
-
cpe:2.3:a:autodesk:revit:2025
-
cpe:2.3:a:autodesk:revit:2025.1
-
cpe:2.3:a:autodesk:revit:2025.2
-
cpe:2.3:a:autodesk:revit:2025.3