CVE-2026-1283
Executive summary
A high-severity vulnerability has been identified in SOLIDWORKS eDrawings, which could allow an attacker to take full control of a user's computer. This is achieved by tricking a user into opening a specially crafted design file (EPRT), which could lead to data theft, ransomware, or further attacks on the network. Immediate patching is required to mitigate this significant risk.
Vulnerability
This is a Heap-based Buffer Overflow vulnerability. It occurs within the software component responsible for parsing and reading EPRT files. An attacker can craft a malicious EPRT file with data that exceeds the allocated memory buffer. When a victim opens this file in a vulnerable version of SOLIDWORKS eDrawings, the excess data overwrites adjacent memory, which can be leveraged by the attacker to corrupt program execution flow and run arbitrary code on the victim's system with the same permissions as the logged-in user.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a severe business impact, leading to a complete compromise of the affected user's workstation. Potential consequences include the theft of sensitive intellectual property such as proprietary design files, financial data, and personal information. Furthermore, a compromised system could be used as a foothold for an attacker to move laterally within the network, install ransomware, or deploy other malware, leading to significant operational disruption and financial loss.
Remediation
Immediate Action:
- Identify all systems with the affected versions of SOLIDWORKS eDrawings installed.
- Apply the security updates provided by the vendor immediately to patch the vulnerability.
- Prioritize patching for systems used by engineers and designers who frequently handle files from external sources.
Proactive Monitoring:
- Monitor endpoint detection and response (EDR) logs for suspicious child processes spawning from the SOLIDWORKS eDrawings executable (e.g., eDrawings.exe launching powershell.exe, cmd.exe, or other unexpected processes).
- Review network logs for unusual outbound connections from workstations running the affected software, especially after a user opens an EPRT file.
- Analyze file access logs for patterns of unusual or repeated access to EPRT files that may indicate scanning or exploitation attempts.
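One way to implement the child-process check from the first monitoring item, as an added example that is not part of the original advisory or any vendor tooling. The event field names (modelled on Sysmon process-creation events), the install path, the host names and the sample events are all assumptions constructed for illustration; map them to your EDR's schema.

```python
import json
import ntpath
import re

PARENT = "edrawings.exe"  # parent named in the advisory, matched by file name
# Children the advisory names, plus other script hosts (assumed list; extend it).
SUSPICIOUS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ALLOWED = set()  # children your own baseline shows to be expected
EPRT_RE = re.compile(r'([^"\s]+\.eprt)\b', re.IGNORECASE)

# Constructed sample events, one JSON object per line; not real telemetry.
SAMPLE_LOG = r'''
{"UtcTime":"2026-01-01 10:15:02","Computer":"WS-ENG-01","ParentImage":"C:\\Program Files\\eDrawings\\eDrawings.exe","ParentCommandLine":"\"C:\\Program Files\\eDrawings\\eDrawings.exe\" \"C:\\Users\\a\\Downloads\\bracket.eprt\"","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"UtcTime":"2026-01-01 10:20:41","Computer":"WS-ENG-01","ParentImage":"C:\\Windows\\explorer.exe","ParentCommandLine":"C:\\Windows\\explorer.exe","Image":"C:\\Program Files\\eDrawings\\eDrawings.exe"}
{"UtcTime":"2026-01-01 11:02:10","Computer":"WS-ENG-02","ParentImage":"C:\\Program Files\\eDrawings\\EDRAWINGS.EXE","ParentCommandLine":"EDRAWINGS.EXE","Image":"C:\\Windows\\System32\\notepad.exe"}
not-json
'''

def basename(path):
    """File name of a Windows path, lower-cased; works on any host OS."""
    return ntpath.basename(path or "").lower()

def find_alerts(lines):
    """Return one alert per process that was started by eDrawings.exe."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(ev, dict) or basename(ev.get("ParentImage")) != PARENT:
            continue
        child = basename(ev.get("Image"))
        if child in ALLOWED:
            continue
        # Record the EPRT file the parent was opened with, if the command line shows one.
        opened = EPRT_RE.search(ev.get("ParentCommandLine") or "")
        alerts.append({
            "host": ev.get("Computer"),
            "time": ev.get("UtcTime"),
            "child": child,
            "severity": "high" if child in SUSPICIOUS else "review",
            "eprt_file": opened.group(1) if opened else None,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

Children outside the suspicious list are still reported at "review" severity, so anything eDrawings.exe starts gets looked at until it is added to ALLOWED from a known-good baseline.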
Compensating Controls:
- If immediate patching is not feasible, implement strict email and web filtering rules to block or quarantine incoming EPRT files from untrusted or external sources.
- Conduct user awareness training to educate employees on the risks of opening attachments or files from unverified senders.
- Utilize application whitelisting to prevent unauthorized executables from running on workstations, which can limit the impact of a successful code execution exploit.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.8) and the potential for arbitrary code execution, this vulnerability poses a significant risk to the organization, particularly concerning the protection of intellectual property. Although there is no current evidence of active exploitation, organizations must act proactively. We strongly recommend that the vendor-supplied security updates be applied to all affected systems as a matter of priority to prevent potential future exploitation.