CVE-2022-42933: 
Autodesk Design Review vulnerability analysis and mitigation

A memory corruption vulnerability exists in Autodesk Design Review when processing maliciously crafted .dwf or .pct files through the DesignReview.exe application. The vulnerability (CVE-2022-42933) was discovered in October 2022 and affects multiple versions of Autodesk Design Review including versions 2018, 2017, 2013, 2012, and 2011 (Fortinet Blog, NVD).

The vulnerability is caused by a malformed DWF file, which triggers a write access violation leading to memory corruption. When exploited, this vulnerability could potentially lead to code execution in the context of the current process. The vulnerability has been assigned a CVSS v3 Base Score of 7.8 (High), with attack vector being Local, attack complexity Low, requiring user interaction, and no privileges required (AttackerKB).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code within the context of the current process. The vulnerability affects the confidentiality, integrity, and availability of the system with High impact ratings across all three categories (AttackerKB).

Autodesk has released security patches to address this vulnerability. Users of Autodesk Design Review 2018 and earlier versions are strongly recommended to download and install the security hotfix (Hotfix 5) available through the Autodesk Knowledge Network. Users of Design Review 2013 or earlier versions need to upgrade to version 2018 or later (Autodesk Advisory).