CVE-2021-27033
Autodesk · Design Review
A double-free vulnerability in Autodesk Design Review allows for potential arbitrary code execution when a user opens a maliciously crafted PDF file.
Executive summary
A high-severity double-free vulnerability in Autodesk Design Review poses a significant risk of arbitrary code execution through the processing of malformed PDF files.
Vulnerability
This is a double-free memory corruption vulnerability triggered when the application parses a malformed PDF file. The attack requires user interaction, specifically the opening of a malicious file by an authenticated user of the application.
Business impact
Successful exploitation of this flaw could allow an attacker to achieve arbitrary code execution in the context of the current user. Given the CVSS score of 8.1, this vulnerability presents a significant risk to organizational integrity, potentially leading to unauthorized data access or full system compromise. The impact is greater if the application runs with elevated privileges.
Remediation
Immediate Action: Identify and patch all instances of Autodesk Design Review to the latest vendor-provided version.
Proactive Monitoring: Monitor endpoint execution logs for suspicious child processes spawned by Design Review.
Compensating Controls: Implement file integrity monitoring and restrict the opening of untrusted PDF files within the environment until patches are applied.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations should treat this vulnerability with high urgency, prioritizing the identification of all Autodesk Design Review installations within the network. Immediate application of vendor patches is required to mitigate the risk of memory corruption attacks.