Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for 3dexperience_solidworks by 3ds

    CVE-2023-2763 (GCVE-0-2023-2763)

    Vulnerability from nvd – Published: 2023-07-12 07:05 – Updated: 2024-09-05 14:18
    VLAI
    Title
    Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
    Summary
    Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS Desktop Affected: Release SOLIDWORKS 2021 Golden , ≤ Release SOLIDWORKS 2021 SP5.1 (custom)
    Affected: Release SOLIDWORKS 2022 Golden , ≤ Release SOLIDWORKS 2022 SP5 (custom)
    Affected: Release SOLIDWORKS 2023 Golden , ≤ Release SOLIDWORKS 2023 SP2 (custom)
    Create a notification for this product.
    Credits
    Mat Powell from Trend Micro's Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:17:47.900906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:18:20.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS Desktop",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2023 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mat Powell from Trend Micro\u0027s Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."
                }
              ],
              "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-02T08:11:05.503Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2763",
        "datePublished": "2023-07-12T07:05:33.333Z",
        "dateReserved": "2023-05-17T15:42:24.664Z",
        "dateUpdated": "2024-09-05T14:18:20.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2762 (GCVE-0-2023-2762)

    Vulnerability from nvd – Published: 2023-07-12 07:05 – Updated: 2024-11-07 18:16
    VLAI
    Title
    Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
    Summary
    A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS Desktop Affected: Release SOLIDWORKS 2021 Golden , ≤ Release SOLIDWORKS 2021 SP5.1 (custom)
    Affected: Release SOLIDWORKS 2022 Golden , ≤ Release SOLIDWORKS 2022 SP5 (custom)
    Affected: Release SOLIDWORKS 2023 Golden , ≤ Release SOLIDWORKS 2023 SP2 (custom)
    Create a notification for this product.
    Credits
    Mat Powell from Trend Micro's Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:15:15.539541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:16:32.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS Desktop",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2023 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mat Powell from Trend Micro\u0027s Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted file."
                }
              ],
              "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-12T07:10:20.317Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2762",
        "datePublished": "2023-07-12T07:05:26.301Z",
        "dateReserved": "2023-05-17T15:42:19.316Z",
        "dateUpdated": "2024-11-07T18:16:32.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2763 (GCVE-0-2023-2763)

    Vulnerability from cvelistv5 – Published: 2023-07-12 07:05 – Updated: 2024-09-05 14:18
    VLAI
    Title
    Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
    Summary
    Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS Desktop Affected: Release SOLIDWORKS 2021 Golden , ≤ Release SOLIDWORKS 2021 SP5.1 (custom)
    Affected: Release SOLIDWORKS 2022 Golden , ≤ Release SOLIDWORKS 2022 SP5 (custom)
    Affected: Release SOLIDWORKS 2023 Golden , ≤ Release SOLIDWORKS 2023 SP2 (custom)
    Create a notification for this product.
    Credits
    Mat Powell from Trend Micro's Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:17:47.900906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:18:20.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS Desktop",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2023 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mat Powell from Trend Micro\u0027s Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."
                }
              ],
              "value": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-02T08:11:05.503Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2763",
        "datePublished": "2023-07-12T07:05:33.333Z",
        "dateReserved": "2023-05-17T15:42:24.664Z",
        "dateUpdated": "2024-09-05T14:18:20.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2762 (GCVE-0-2023-2762)

    Vulnerability from cvelistv5 – Published: 2023-07-12 07:05 – Updated: 2024-11-07 18:16
    VLAI
    Title
    Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023
    Summary
    A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS Desktop Affected: Release SOLIDWORKS 2021 Golden , ≤ Release SOLIDWORKS 2021 SP5.1 (custom)
    Affected: Release SOLIDWORKS 2022 Golden , ≤ Release SOLIDWORKS 2022 SP5 (custom)
    Affected: Release SOLIDWORKS 2023 Golden , ≤ Release SOLIDWORKS 2023 SP2 (custom)
    Create a notification for this product.
    Credits
    Mat Powell from Trend Micro's Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T18:15:15.539541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T18:16:32.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS Desktop",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2021 SP5.1",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2022 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release SOLIDWORKS 2023 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS 2023 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mat Powell from Trend Micro\u0027s Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted file."
                }
              ],
              "value": "A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-12T07:10:20.317Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2762",
        "datePublished": "2023-07-12T07:05:26.301Z",
        "dateReserved": "2023-05-17T15:42:19.316Z",
        "dateUpdated": "2024-11-07T18:16:32.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }