CVE-2025-41392

Ashlar-Vellum · Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share

Executive summary

A high-severity vulnerability has been identified in multiple Ashlar-Vellum design and drafting software products. This flaw could allow an attacker to execute arbitrary code on a user's workstation if they open a specially crafted malicious file. Successful exploitation could lead to a full system compromise, resulting in data theft, ransomware deployment, or further network intrusion.

Vulnerability

The vulnerability exists within the file parsing component of the affected software. An attacker can create a malicious design file containing specially crafted data that triggers a buffer overflow when processed by the application. By convincing a user to open this malicious file, an attacker can execute arbitrary code on the victim's system with the privileges of the logged-in user.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a significant business impact, including the compromise of sensitive intellectual property, such as proprietary designs, schematics, and engineering data. An attacker could leverage this access to install ransomware, exfiltrate confidential information, or use the compromised workstation as a foothold to move laterally across the corporate network, escalating the security incident.

Remediation

Immediate Action: Organizations must apply the vendor-supplied security updates to upgrade all affected Ashlar-Vellum products to version 12 or newer immediately. After patching, system administrators should monitor for any signs of post-exploitation activity and review application and system access logs for unusual behavior preceding the patch deployment.

Proactive Monitoring: Security teams should monitor for suspicious child processes being spawned by the affected software executables (e.g., cobalt.exe, xenon.exe). Additionally, monitor network traffic for any unusual outbound connections from workstations running this software. Application logs should be reviewed for repeated crashes or errors related to file opening, which could indicate failed exploitation attempts.
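One way to implement the child-process check described above, shown as an added example rather than vendor or advisory code. It assumes process-creation events exported with Sysmon Event ID 1 field names; the list of suspicious children, the install paths, and the sample events are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Parent executables named in the advisory; extend with the other affected
# products' binaries as installed in your environment.
WATCHED_PARENTS = {"cobalt.exe", "xenon.exe"}

# Assumption: programs a drafting application has no routine reason to launch.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

def basename(image):
    """Lower-cased file name of a Windows path, whatever OS runs this script."""
    return PureWindowsPath(image or "").name.lower()

def find_suspicious_children(events):
    """Return one alert per event where a watched parent spawned a listed child."""
    alerts = []
    for ev in events:
        parent = basename(ev.get("ParentImage"))
        child = basename(ev.get("Image"))
        if parent in WATCHED_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append({
                "host": ev.get("Computer"),
                "time": ev.get("UtcTime"),
                "parent": parent,
                "child": child,
                "command_line": ev.get("CommandLine"),
            })
    return alerts

# Constructed sample events; hosts, paths and times are illustrative only.
SAMPLE_EVENTS = [
    {"Computer": "CAD-WS-01", "UtcTime": "2025-01-01 09:00:01.000",
     "ParentImage": r"C:\Program Files\Example\Cobalt\Cobalt.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile"},
    {"Computer": "CAD-WS-01", "UtcTime": "2025-01-01 09:05:00.000",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"Computer": "CAD-WS-02", "UtcTime": "2025-01-01 10:00:00.000",
     "ParentImage": r"C:\Program Files\Example\Xenon\xenon.exe",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"Computer": "CAD-WS-02", "UtcTime": "2025-01-01 10:02:30.000",
     "ParentImage": r"C:\Program Files\Example\Xenon\XENON.EXE",
     "Image": r"C:\Windows\System32\CMD.EXE", "CommandLine": "cmd.exe"},
]
```

Matching is on the file name only, so a renamed binary would be missed; pair the check with the crash and outbound-connection monitoring described in the same paragraph.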

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. These include enhancing user awareness training to warn against opening unsolicited files from untrusted sources, restricting the software's execution within a sandboxed or virtualized environment, and using endpoint detection and response (EDR) solutions to block anomalous process behavior.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the risk of arbitrary code execution when a user opens a crafted file, this vulnerability poses a significant threat to the organization. Although it is not currently listed in the CISA KEV catalog and no public exploits are available, the potential for intellectual property theft and ransomware attacks is severe. We strongly recommend that all affected Ashlar-Vellum software installations be patched to version 12 or newer on an emergency basis to mitigate this risk.