CVE-2026-0537
Autodesk · 3ds Max
Autodesk 3ds Max is vulnerable to memory corruption when parsing a maliciously crafted RGB file, potentially leading to arbitrary code execution.
Executive summary
Autodesk 3ds Max is susceptible to a memory corruption vulnerability triggered by malicious RGB files, which could allow an attacker to execute code on the victim's system.
Vulnerability
This vulnerability occurs during the parsing of RGB image files within Autodesk 3ds Max. By convincing an unauthenticated user to open a specially crafted file, an attacker can trigger memory corruption, leading to a crash or the execution of arbitrary code with the user's privileges.
Business impact
A successful exploit could lead to the full compromise of a designer's or engineer's workstation, providing a gateway into the corporate network. Given the CVSS score of 7.8, the impact is High, as it can result in the theft of intellectual property, such as proprietary 3D models and project data. System downtime and the cost of incident response further escalate the business risk.
Remediation
Immediate Action: Install the latest security updates and hotfixes for Autodesk 3ds Max provided by the Autodesk Desktop Account or the official website.
Proactive Monitoring: Monitor for crashes in the 3ds Max process (3dsmax.exe) and inspect for suspicious outbound network connections following the opening of external media files.
Compensating Controls: Implement file-type blocking at the email gateway and web proxy for suspicious or uncommon image formats, and ensure users operate with the least privilege necessary.
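One way to act on the Proactive Monitoring item, as an added example that is not Autodesk's or this advisory's own tooling: it correlates exported endpoint events to surface 3dsmax.exe crashes and external connections shortly after an .rgb file lands on disk. The simplified event fields, the 10-minute window, the internal address ranges, the .rgb extension and the use of a file-write event as a stand-in for "opening external media" are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

TARGET = "3dsmax.exe"
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per site
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events, not real telemetry. Simplified fields; "id" is
# 1000 (Application Error), 11 (Sysmon FileCreate) or 3 (Sysmon NetworkConnect).
EVENTS = [
    {"time": "2026-01-10T09:00:05", "host": "ws-01", "id": 11,
     "image": "outlook.exe", "target": r"C:\Users\a\Downloads\texture.rgb"},
    {"time": "2026-01-10T09:02:40", "host": "ws-01", "id": 1000, "image": "3dsmax.exe"},
    {"time": "2026-01-10T09:03:10", "host": "ws-01", "id": 3,
     "image": "3dsmax.exe", "dest_ip": "203.0.113.7"},
    {"time": "2026-01-10T09:03:30", "host": "ws-01", "id": 3,
     "image": "3dsmax.exe", "dest_ip": "10.0.0.15"},
    {"time": "2026-01-10T11:30:00", "host": "ws-02", "id": 1000, "image": "3dsmax.exe"},
]

def is_external(ip):
    """True when the destination is outside the assumed internal ranges."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def triage(events):
    """Return (host, time, reason) leads for analyst review, oldest first."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    last_drop = {}  # host -> time an .rgb file was last written to disk
    leads = []
    for e in ordered:
        when = datetime.fromisoformat(e["time"])
        if e["id"] == 11 and e["target"].lower().endswith(".rgb"):
            last_drop[e["host"]] = when
            continue
        if e["image"].lower() != TARGET:
            continue
        drop = last_drop.get(e["host"])
        recent = drop is not None and when - drop <= WINDOW
        if e["id"] == 1000:  # every 3dsmax.exe crash is a lead; a recent drop raises it
            reason = "crash after .rgb file drop" if recent else "crash"
            leads.append((e["host"], e["time"], reason))
        elif e["id"] == 3 and recent and is_external(e["dest_ip"]):
            leads.append((e["host"], e["time"], "external connection to " + e["dest_ip"]))
    return leads

if __name__ == "__main__":
    for lead in triage(EVENTS):
        print(*lead, sep="  ")
```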
Exploitation status
Public Exploit Available: false
Analyst recommendation
Immediate patching is required to mitigate the risk of workstation compromise via malicious media files. Users should be cautioned against opening 3ds Max files or associated assets from untrusted or external sources until the updates are applied.