CVE-2026-0661
Autodesk · 3ds Max
Autodesk 3ds Max is subject to a memory corruption vulnerability when parsing maliciously crafted RGB files, potentially allowing for remote code execution.
Executive summary
Autodesk 3ds Max is vulnerable to memory corruption through the parsing of RGB files, creating a high risk of unauthorized code execution on affected systems.
Vulnerability
Similar to other recent parsing flaws, this vulnerability is a memory corruption issue that occurs when 3ds Max parses a maliciously crafted RGB file. An attacker exploits it by delivering the malicious file to an unauthenticated user; the vulnerability is triggered when that user opens the file.
Business impact
A successful exploit grants an attacker the same privileges as the logged-in user, potentially leading to the compromise of sensitive project data and the wider corporate network. The High CVSS score of 7.8 reflects the severity of the risk to confidentiality and integrity. The impact includes potential loss of intellectual property and significant remediation costs.
Remediation
Immediate Action: Apply all relevant security patches for Autodesk 3ds Max through the Autodesk Desktop App or administrative portal.
Proactive Monitoring: Audit system logs for application crashes and monitor for unauthorized network activity originating from workstations running 3ds Max.
Compensating Controls: Deploy robust endpoint protection (EDR) and educate users on the risks of opening files from unverified external sources.
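One way to run the crash audit described under Proactive Monitoring, as an added example that is not part of the original advisory or any Autodesk tooling. It assumes the 3ds Max process image is 3dsmax.exe and that crashes are logged as Windows "Application Error" event 1000; the parameter names, lookback window and repeat threshold are illustrative.

```powershell
# Added example, not Autodesk tooling. Assumptions: image name 3dsmax.exe,
# 14-day lookback, repeat threshold of 3 (all adjustable parameters).
param(
    [int]$Days = 14,
    [string]$ImageName = '3dsmax.exe',
    [int]$RepeatThreshold = 3
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent errors when no event matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$crashes = foreach ($e in $events) {
    $p = $e.Properties
    # Assumed event 1000 layout: [0] app name, [3] faulting module,
    # [6] exception code, [7] fault offset. Confirm on your Windows build.
    if ($p.Count -ge 8 -and $p[0].Value -ieq $ImageName) {
        [pscustomobject]@{
            Time          = $e.TimeCreated
            Computer      = $e.MachineName
            Module        = [string]$p[3].Value
            ExceptionCode = [string]$p[6].Value
            FaultOffset   = [string]$p[7].Value
        }
    }
}

# Group identical crash signatures; the same fault recurring at one module
# and offset deserves a closer look than a one-off crash.
@($crashes) | Group-Object Module, ExceptionCode, FaultOffset | ForEach-Object {
    $first = $_.Group[0]
    [pscustomobject]@{
        Count           = $_.Count
        Module          = $first.Module
        ExceptionCode   = $first.ExceptionCode
        FaultOffset     = $first.FaultOffset
        LastSeen        = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        # c0000005 is STATUS_ACCESS_VIOLATION, typical of memory corruption.
        AccessViolation = $first.ExceptionCode -match 'c0000005$'
        Repeated        = $_.Count -ge $RepeatThreshold
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize
```

Run it on each workstation, or against forwarded events on a collector, and follow up on rows marked AccessViolation or Repeated by checking which files the user opened around the LastSeen time.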
Exploitation status
Public Exploit Available: false
Analyst recommendation
The primary remediation is the immediate application of the vendor's security update. Organizations should ensure that their software update cycle includes design and engineering tools, as these are often overlooked but contain high-value data.