
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-42935 is a remote code execution vulnerability discovered in Autodesk Design Review software, disclosed on October 21, 2022. It affects the processing of Macintosh Pict (PCT) files in the DesignReview.exe application, where a maliciously crafted file can lead to memory corruption through a write access violation (Fortinet Labs, NVD).
The flaw lies in the decoding of Macintosh Pict 'PCT' files in Autodesk Design Review: a malformed PCT file causes an out-of-bounds memory write due to an improper bounds check. Exploitation requires user interaction, as the target must open a malicious file (Fortinet Labs).
When successfully exploited, this vulnerability allows attackers to execute arbitrary code within the context of the current process via a crafted PCT file. The severity is considered high due to the potential for remote code execution (Fortinet Labs).
Autodesk has released a security hotfix (version 2018 Hotfix 5) to address this vulnerability. Users of Autodesk Design Review 2018 and earlier versions are strongly recommended to download and install the security hotfix via the Autodesk Knowledge Network (Autodesk Advisory).
Source: This report was generated using AI