CVE-2021-27031: 
Autodesk FBX Review vulnerability analysis and mitigation

CVE-2021-27031 is a use-after-free vulnerability affecting Autodesk FBX Review software versions 1.4.1.0 and 1.5.0. The vulnerability was discovered in early 2021 and publicly disclosed on April 19, 2021. This security flaw allows remote attackers to execute arbitrary code on affected installations of the software when a user opens a malicious FBX or DAE file (Vendor Advisory, ZDI Advisory).

The vulnerability stems from the lack of validating the existence of an object prior to performing operations on it during the parsing of FBX and DAE files. This use-after-free condition (CWE-416) allows the application to reference a memory location controlled by an unauthorized third party. The vulnerability has received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability enables attackers to execute arbitrary code in the context of the current process, potentially leading to complete system compromise. The high CVSS score reflects the severity of potential impacts on confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Autodesk has released version 1.5.2 as a security update to address this vulnerability. Users of affected versions (1.4.1.0 and 1.5.0) are strongly recommended to apply the available hotfix through the Autodesk Desktop App or the Accounts Portal. Users of previous versions that no longer qualify for full support should upgrade to a supported version to avoid potential security vulnerabilities (Vendor Advisory).