CVE-2022-27864: 
Autodesk Design Review vulnerability analysis and mitigation

A Double Free vulnerability (CVE-2022-27864) was discovered in Autodesk Design Review that affects multiple versions including 2018, 2017, 2013, 2012, and 2011. The vulnerability allows remote attackers to execute arbitrary code through the DesignReview.exe application when processing PDF files. User interaction is required to exploit this vulnerability, as the target must open a malicious file or visit a malicious page (Autodesk Advisory).

The vulnerability is classified as a Double Free issue that occurs when processing PDF files in the DesignReview.exe application. This type of vulnerability happens when the same memory allocation is freed twice, potentially leading to memory corruption and arbitrary code execution. The vulnerability was assigned a High severity rating by Autodesk (Autodesk Advisory).

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process. This means an attacker could potentially gain the same privileges as the user running the Design Review application, potentially compromising the affected system (Autodesk Advisory).

Autodesk has released a security hotfix (2018 Hotfix 6 Update) to address this vulnerability. Users of Autodesk Design Review 2018 and earlier versions are strongly recommended to download and install this security update. Customers using Design Review 2013 or earlier versions need to upgrade to version 2018 or later and apply the security hotfix (Autodesk Advisory).