CVE-2024-11454: Untrusted Search Path vulnerability in Autodesk Revit

7.8 CVSS

Description

A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.

Classification

CVE ID: CVE-2024-11454

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

Affected Products

Vendor: Autodesk

Product: Revit

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025

Timeline