CVE-2022-41306: 
Autodesk Design Review vulnerability analysis and mitigation

CVE-2022-41306 is a Remote Code Execution vulnerability discovered in Autodesk Design Review's handling of Macintosh Pict (PCT) files. The vulnerability was discovered in late May 2022 and disclosed in October 2022. It affects Autodesk Design Review versions 2018 Hotfix 5 and earlier (Fortinet Blog).

The vulnerability occurs during the decoding of Macintosh Pict (PCT) files in Autodesk Design Review. Specifically, a malformed PCT file can trigger an Out of Bounds memory write due to an improper bounds check in the application. This memory corruption vulnerability exists in the DesignReview.exe application (NVD, Fortinet Blog).

If successfully exploited, attackers can execute arbitrary code within the context of the application through a crafted PCT file. This allows potential attackers to gain control over the affected system with the same privileges as the application (Fortinet Blog).

Fortinet has released an IPS signature named Autodesk.Design.Review.CVE-2022-41306.Remote.Code.Execution to proactively protect their customers against this vulnerability. Users are advised to apply the latest security patches released by Autodesk (Fortinet Blog).