CVE-2021-27041: 
Autodesk Design Review vulnerability analysis and mitigation

CVE-2021-27041 is a buffer overflow vulnerability discovered in Autodesk products that affects multiple versions of AutoCAD and related software. The vulnerability was identified in early 2021 and involves the parsing of DWG files. The affected products include AutoCAD, Advance Steel, Civil 3D, and various AutoCAD-based specialized toolsets from versions 2019 through 2022 (Vendor Advisory).

The vulnerability is characterized as an out-of-bounds write condition (CWE-787) that occurs during the parsing of DWG files. It received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access and user interaction but needs no privileges to exploit (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability when successfully exploited (ZDI Advisory).

Autodesk has released patches for affected versions through the Autodesk Desktop App or Accounts Portal. The fixed versions are: 2022.1.2, 2021.1.2, 2020.1.5, and 2019.1.4. Users of Autodesk Advance Steel, Civil 3D, and specialized toolsets need to install either the AutoCAD product updates or upgrade to a more recent product version. An update is not available for 32-bit AutoCAD 2019, and users should upgrade to 64-bit AutoCAD 2019 or a newer version (Vendor Advisory).