CVE-2021-40157: 
Autodesk FBX Review vulnerability analysis and mitigation

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing it to run arbitrary code on the system. The vulnerability was discovered in September 2021 and affects Autodesk FBX Review software versions up to and including 1.5.0 (NVD, Autodesk Advisory).

The vulnerability is classified as an Untrusted Pointer Dereference issue that could lead to arbitrary code execution. It has been assigned a CVSS v3.1 Base Score of 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was initially categorized under CWE-476 but was later remapped to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on the target system when a user opens a specially crafted malicious FBX file. This could potentially lead to complete system compromise with the same privileges as the user running the FBX Review application (Autodesk Advisory).

Autodesk has released version 1.5.2 to address this vulnerability. Users are recommended to update to the patched version through the Autodesk Desktop App or the Accounts Portal. Customers using previous versions that no longer qualify for full support should plan to upgrade to a supported version as soon as possible to avoid potential security vulnerabilities (Autodesk Advisory).