CVE-2025-7222

Luxion · Luxion Multiple Products

A high-severity vulnerability has been identified in multiple Luxion products, including KeyShot.

Executive summary

CVE-2025-7222 is an out-of-bounds write in the 3DM import path shared by several Luxion products, including KeyShot. An attacker who convinces a user to open a specially crafted 3D model file (.3dm, the Rhinoceros/openNURBS format that KeyShot imports) can execute arbitrary code with that user's privileges. Where the user is a local administrator this amounts to a full workstation compromise, and in any case it opens the way to data theft, ransomware deployment, or further intrusion into the network.

Vulnerability

The vulnerability is an out-of-bounds write that occurs when the affected Luxion software parses a malformed 3DM file. An attacker crafts a .3dm file whose contents cause the application's file parsing code to write past the end of the intended memory buffer. That memory corruption can be turned into control of the application's execution flow, and thus into arbitrary code execution in the security context of the user who opened the file. Trackers label this remote code execution (RCE) because the attacker needs no prior access to the machine; the attack vector itself is local: the file has to be delivered and opened, for example as an email attachment, a web download, or a file placed on a shared drive or partner exchange. The attacker gains no privileges beyond the opening user's own, which for a designer's workstation is usually enough.
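The check that separates a safe chunk reader from the vulnerable pattern described above, as an added example that is not Luxion's parser and does not reproduce the real 3DM/openNURBS on-disk layout: the header bytes, the 4-byte typecode plus 4-byte length chunk shape and the 64-byte payload cap are all constructed for illustration. A native reader that trusts the length field and copies that many bytes into a fixed buffer is exactly the out-of-bounds write; the reader below refuses before copying.

```python
"""Validating reader for a length-prefixed chunk stream.

Added example, not Luxion's parser and not the real 3DM/openNURBS on-disk
layout: the header bytes, the 4-byte typecode + 4-byte length chunk shape and
the 64-byte payload cap are all constructed for illustration.
"""
import struct

TOY_HEADER = b"TOY3DM\x00\x00"          # constructed magic, not the 3DM header
CHUNK_HDR = struct.Struct("<II")        # typecode, payload length (little-endian)
MAX_PAYLOAD = 64                        # capacity of the fixed buffer a native reader copies into


class MalformedChunk(ValueError):
    """Raised instead of copying when a length field cannot be trusted."""


def build_file(chunks):
    """Serialise (typecode, payload) pairs; used only to construct sample input."""
    out = bytearray(TOY_HEADER)
    for typecode, payload in chunks:
        out += CHUNK_HDR.pack(typecode, len(payload)) + payload
    return bytes(out)


def read_chunks(data, max_payload=MAX_PAYLOAD):
    """Parse the stream, refusing any chunk whose length field is not backed by data.

    A reader that does memcpy(buf, src, length) into a fixed buffer without
    these checks is the out-of-bounds write pattern the advisory describes.
    """
    if not data.startswith(TOY_HEADER):
        raise MalformedChunk("bad header")
    off = len(TOY_HEADER)
    chunks = []
    while off < len(data):
        remaining = len(data) - off
        if remaining < CHUNK_HDR.size:
            raise MalformedChunk(f"truncated chunk header at offset {off}")
        typecode, length = CHUNK_HDR.unpack_from(data, off)
        off += CHUNK_HDR.size
        remaining -= CHUNK_HDR.size
        # Compare against what is left rather than computing off + length:
        # in 32-bit arithmetic off + length can wrap and pass a naive check.
        if length > remaining:
            raise MalformedChunk(
                f"chunk 0x{typecode:08x} claims {length} bytes, only {remaining} remain")
        # Destination capacity is a separate check: a length that fits the
        # file can still exceed the fixed buffer it is copied into.
        if length > max_payload:
            raise MalformedChunk(
                f"chunk 0x{typecode:08x} payload {length} exceeds capacity {max_payload}")
        chunks.append((typecode, data[off:off + length]))
        off += length
    return chunks


def rejects(data):
    """True when read_chunks refuses the input (used by the self-check below)."""
    try:
        read_chunks(data)
    except MalformedChunk:
        return True
    return False


# Constructed samples: one well-formed file and two malformed ones.
SAMPLE_OK = build_file([(0x00000010, b"mesh-metadata"), (0x00000020, b"\x00" * 16)])


def malformed_length_sample():
    """Second chunk declares ~4 GiB of payload while only 8 bytes follow."""
    good = build_file([(0x00000010, b"mesh-metadata")])
    bogus = CHUNK_HDR.pack(0x00000020, 0xFFFFFFF0) + b"\x41" * 8
    return good + bogus


def oversized_payload_sample():
    """Chunk that fits the file but not the 64-byte destination buffer."""
    return build_file([(0x00000020, b"\x41" * (MAX_PAYLOAD + 1))])


if __name__ == "__main__":
    print(len(read_chunks(SAMPLE_OK)), "chunks parsed")
    print("oversized length rejected:", rejects(malformed_length_sample()))
    print("oversized payload rejected:", rejects(oversized_payload_sample()))
```

The two malformed samples correspond to the two ways a trusted length field goes wrong: a value larger than the file (reads and writes run off the end of the input and the destination) and a value that fits the file but not the fixed destination buffer. Both must be checked, and the comparison is made against the remaining byte count so that a 32-bit offset-plus-length sum cannot wrap.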

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.8. A successful attack could have a significant business impact, including the compromise of workstations used for sensitive design and engineering work. Potential consequences include the theft of valuable intellectual property, proprietary designs, and confidential project data. Furthermore, a compromised workstation can serve as a beachhead for an attacker to move laterally within the corporate network, potentially leading to a wider breach, deployment of ransomware, or disruption of business operations.

Remediation

Immediate Action: The primary remediation is to apply the security updates provided by Luxion to all affected installations and to confirm that the installed version is at or above the fixed release Luxion designates. Priority should go to workstations used by designers and engineers who regularly handle .3dm files, and to any host that processes submitted .3dm files unattended (for example render nodes or automated conversion pipelines), since there the only "user interaction" required is the submission of the file.

Proactive Monitoring: Security teams should watch for signs of exploitation, both successful and attempted. Successful exploitation typically shows up as unusual child processes of Luxion applications (e.g., keyshot.exe launching powershell.exe or cmd.exe; Sysmon Event ID 1 or equivalent EDR telemetry records the parent/child pair) or as unexpected outbound connections from those applications to external addresses (Sysmon Event ID 3). Rendering software legitimately contacts vendor licensing and cloud services, so baseline normal destinations before alerting on all external traffic. Failed attempts tend to leave crashes: repeated Application Error (Event ID 1000) or Windows Error Reporting entries naming the Luxion binary as the faulting application shortly after a .3dm file was opened deserve investigation, and the triggering file should be preserved for analysis.
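The two behavioural signals above, parent/child process anomalies and external connections from the Luxion process, as detection logic run over constructed telemetry. This is an added example, not Luxion's or the advisory's code: the events are Sysmon-style (Event ID 1 process creation, Event ID 3 network connection) rendered as made-up `Key=Value|Key=Value` lines, the install paths are illustrative, and the child-process list goes beyond the two interpreters named in the text to the usual living-off-the-land binaries a renderer has no reason to spawn.

```python
"""Hunt over process-creation and network-connection telemetry for a compromised Luxion process.

Added example, not Luxion's or the advisory's code. Events are Sysmon-style
(Event ID 1 = process creation, Event ID 3 = network connection) rendered as
constructed 'Key=Value|Key=Value' lines; install paths are illustrative.
"""
import ipaddress
import ntpath

# Parent/source images to watch. keyshot.exe is the process named in the
# advisory; add the other deployed Luxion binaries after verifying their names.
LUXION_IMAGES = {"keyshot.exe"}

# Interpreters and LOLBins a 3D renderer has no reason to spawn.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Internal ranges are listed explicitly rather than via ipaddress.is_global,
# which also treats documentation ranges such as 203.0.113.0/24 as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def parse_event(line):
    """Turn one 'Key=Value|Key=Value' line into a dict (values may contain '=')."""
    event = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        event[key.strip()] = value.strip()
    return event


def image_name(path):
    """Lower-cased executable name, ignoring the install directory."""
    return ntpath.basename(path).lower()


def is_internal(ip_text):
    """True for RFC 1918, loopback and link-local destinations, or unparsable ones."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True            # unparsable destination: do not alert on it
    return any(ip in net for net in INTERNAL_NETS)


def check_process_creation(event):
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent in LUXION_IMAGES and child in SUSPICIOUS_CHILDREN:
        return ("luxion_suspicious_child",
                f"{parent} -> {child}: {event.get('CommandLine', '')}")
    return None


def check_network_connection(event):
    image = image_name(event.get("Image", ""))
    if image not in LUXION_IMAGES or event.get("Initiated", "true").lower() != "true":
        return None
    dst = event.get("DestinationIp", "")
    if is_internal(dst):
        return None
    return ("luxion_external_connection",
            f"{image} -> {dst}:{event.get('DestinationPort', '?')}")


CHECKS = {"1": check_process_creation, "3": check_network_connection}


def hunt(lines):
    """Return (rule, detail) findings for every event that matches a check."""
    findings = []
    for line in lines:
        event = parse_event(line)
        check = CHECKS.get(event.get("EventID"))
        hit = check(event) if check else None
        if hit:
            findings.append(hit)
    return findings


# Constructed sample telemetry: two true positives and three benign events.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\cmd.exe"
    "|ParentImage=C:\\Program Files\\KeyShot\\bin\\keyshot.exe|CommandLine=cmd.exe /c whoami",
    "EventID=1|Image=C:\\Program Files\\KeyShot\\bin\\keyshot.exe"
    "|ParentImage=C:\\Windows\\explorer.exe|CommandLine=keyshot.exe project.3dm",
    "EventID=3|Image=C:\\Program Files\\KeyShot\\bin\\keyshot.exe"
    "|Initiated=true|DestinationIp=10.20.30.40|DestinationPort=443",
    "EventID=3|Image=C:\\Program Files\\KeyShot\\bin\\keyshot.exe"
    "|Initiated=true|DestinationIp=203.0.113.25|DestinationPort=8443",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|Initiated=true|DestinationIp=203.0.113.25|DestinationPort=443",
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(rule, detail)
```

The parent/child rule translates directly into a Sigma or EDR query on the same two fields. The network rule is deliberately the noisier of the two: in production the internal list should be extended with the organisation's own ranges and with the vendor's licensing and cloud endpoints observed during baselining, otherwise every license check from keyshot.exe becomes an alert.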

Compensating Controls: If patching cannot be immediately deployed, consider the following compensating controls:

  • Warn users, particularly designers and engineers, not to open .3dm files from untrusted or unsolicited sources. Design files are routinely exchanged with customers and suppliers, so this control is weak on its own and does not substitute for patching.
  • Use the email gateway and web filtering to block or quarantine inbound .3dm files from external sources, including files nested inside archives; match on file content where the product supports it rather than on extension alone.
  • Use application control (e.g., AppLocker or WDAC) so that executables and scripts dropped by a compromised Luxion process cannot run. Be clear about what this covers: it blocks a second-stage payload written to disk, not shellcode executing inside the Luxion process itself, and AppLocker rules are keyed on the launched file rather than on which parent launched it.
  • Open files received from external sources in a sandboxed or virtualized environment (a disposable VM or Windows Sandbox) so that a compromise is contained to that environment.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the high severity (CVSS 7.8) and the potential for full workstation compromise, we recommend that organizations prioritize deployment of vendor-supplied updates to every system running affected Luxion software, starting with design workstations and any render nodes that ingest files unattended. Although no public exploit is available and there is no current evidence of active exploitation, file-parsing bugs in engineering software are a natural fit for targeted attacks against organizations holding sensitive design data, and such files cross organizational boundaries every day. In addition to patching, organizations should enable the monitoring described above and reinforce user awareness regarding files received from external sources.