CVE-2022-33882: 
Autodesk Desktop Application vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2022-33882) was discovered in the Autodesk Desktop App (ADA) affecting versions 8.4.0.50 and prior. The vulnerability was related to improper privilege management in file delete operations, which was disclosed on July 22, 2022 (Autodesk Advisory).

The vulnerability exists within the handling of updates and file delete operations in the Autodesk Desktop App. By creating a symbolic link, an attacker can abuse the application to delete a file. The vulnerability received a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. The vulnerability could directly impact the confidentiality, integrity, and availability of user's data or processing resources (ZDI Advisory).

Autodesk released version 8.5.0 to address this vulnerability. Users are strongly recommended to apply the latest update for Autodesk Desktop App (ADA). The update can be installed either by clicking the 'Exit and update' button when prompted or by installing the latest version directly from the Autodesk Desktop App (Autodesk Advisory).

The vulnerability was discovered and reported by Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative, demonstrating the active involvement of security researchers in identifying and responsibly disclosing critical vulnerabilities (Autodesk Advisory).