CVE-2022-40649: 
Ansys SpaceClaim vulnerability analysis and mitigation

The vulnerability (CVE-2022-40649) affects Ansys SpaceClaim 2022 R1 and was disclosed on September 14, 2022. This security flaw allows remote attackers to execute arbitrary code on affected installations of the software. The vulnerability requires user interaction, specifically the target must visit a malicious page or open a malicious file (ZDI Advisory).

The vulnerability exists within the parsing of X_B files in Ansys SpaceClaim. The specific issue results from the lack of proper initialization of a pointer prior to accessing it. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Given the CVSS metrics, successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the targeted system (ZDI Advisory).

The vulnerability has been fixed in Ansys SpaceClaim 2023 R2. Users are advised to upgrade to this version to protect against potential exploitation (ZDI Advisory).