CVE-2021-27044: 
Autodesk FBX Review vulnerability analysis and mitigation

A Out-Of-Bounds Read/Write Vulnerability was discovered in Autodesk FBX Review version 1.4.0. The vulnerability was disclosed on September 15, 2021, and affects the FBX file parsing functionality of the software. This security flaw could potentially lead to remote code execution through maliciously crafted DLL files or result in information disclosure (NVD, ZDI).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the parsing of FBX files, where crafted data can trigger a write past the end of an allocated buffer. The vulnerability has been classified under CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write) (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary code in the context of the current process. The attack could lead to both remote code execution and information disclosure, potentially compromising the affected system's security (ZDI, Autodesk Advisory).

Autodesk has released version 1.5.2 to address this vulnerability. Users are recommended to update to the patched version through the Autodesk Desktop App or the Accounts Portal. The vulnerability was reported on June 4, 2021, and a coordinated public release of the advisory was made on September 15, 2021 (Autodesk Advisory).