TRUST CENTER

AUTODESK TRUST CENTER

Timely and transparent notice

Autodesk publishes important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.

REPORT AN ISSUE

Latest security bulletins and advisories

This page contains important information regarding security vulnerabilities that could affect specific versions of Autodesk products or services.

  • MAXScript exploit "MSCPROP.DLL" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "MSCPROP.DLL" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    Autodesk ID: ADSK-SA-2021-0006
    15/07/2021, Thursday

    Learn more

  • Vulnerabilities in Autodesk® InfraWorks software

    Autodesk® InfraWorks has been affected by multiple vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service to the software and user devices.

    Autodesk ID: ADSK-SA-2021-0005
    18/06/2021, Friday

    Learn more

  • Vulnerabilities in the Autodesk® AutoCAD® family of products

    Applications and Services that utilize Autodesk AutoCAD products are affected by Out-of-bound Read, Out-of-bound Write, and Memory Corruption vulnerabilities. Exploitation of these vulnerabilities could lead to arbitrary code execution.

    Autodesk ID: ADSK-SA-2021-0004
    17/06/2021, Thursday

    Learn more

  • Vulnerabilities in the Autodesk® Design Review software

    Applications and Services that utilize Autodesk Design Review may be affected by Double Free, Heap Overflow, Out-of-bound Read/Write, Use-After-Free, Type Confusion, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution.

    Autodesk ID: ADSK-SA-2021-0003
    14/06/2021, Monday

    Learn more

  • Privilege Escalation Vulnerabilities in Autodesk® Licensing Service

    Autodesk® Desktop Licensing Installer has been affected by Privilege Escalation vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution due to weak permissions.

    Autodesk ID: ADSK-SA-2021-0002
    14/06/2021, Monday

    Learn more

  • Vulnerabilities in the Autodesk® FBX Review software

    Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, and Directory Traversal vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2021-0001
    15/04/2021, Thursday

    Learn more

  • Use-After-Free and XML Entity Expansion Vulnerabilities in Autodesk® InfraWorks

    Autodesk® InfraWorks has been affected by Use-After-Free and XML Entity Expansion vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.

    Autodesk ID: ADSK-SA-2020-0006
    30/10/2020, Friday

    Learn more

  • MAXScript exploit "PhysXPluginMfx" in Autodesk® 3ds Max® software

    A variant of a MAXScript exploit "PhysXPluginMfx" has been identified and a free plugin is now available in the Autodesk App Store to help detect and resolve potential issues caused by this malicious code.

    Autodesk ID: ADSK-SA-2020-0005
    10/08/2020, Monday

    Learn more

  • Vulnerabilities in Autodesk® InfraWorks

    Autodesk InfraWorks has been affected by heap overflow, code injection, out-of-bounds read, and stack-based buffer overflow vulnerabilities in the libcurl component.

    Autodesk ID: ADSK-SA-2020-0004
    25/06/2020, Thursday

    Learn more

  • Script exploit in Autodesk® Maya

    A third-party malicious script was identified and a fix has been made available. The script can execute malicious code that can corrupt the Maya environment, cause data loss and instability, as well as spread to other systems.

    Autodesk ID: ADSK-SA-2020-0003
    20/05/2020, Wednesday

    Learn more

  • Vulnerabilities in the Autodesk® FBX Software Development Kit

    Applications and Services that utilize the FBX-SDK Ver. 2020.0 or earlier can be impacted by buffer overflow, type confusion, use-after-free, integer overflow, NULL pointer dereference, and heap overflow vulnerabilities.

    Autodesk ID: ADSK-SA-2020-0002
    15/04/2020, Wednesday

    Learn more

  • Improper Signature Validation Vulnerability in Autodesk® Dynamo BIM

    Autodesk® Dynamo BIM is affected by an improper signature validation vulnerability which may lead to code execution through maliciously crafted DLL files.

    Autodesk ID: ADSK-SA-2020-0001
    01/04/2020, Wednesday

    Learn more

  • MAXScript exploit in Autodesk® 3ds Max

    A variant of a MAXScript exploit was identified and a fix has been made available. The exploit can execute malicious code that can corrupt the 3ds Max environment, cause data loss and instability, as well as spread to other systems.

    Autodesk ID: ADSK-SA-2019-0005
    09/01/2020, Thursday

    Learn more

  • Vulnerability in the Autodesk® Desktop Application

    Autodesk Desktop Application is affected by a DLL preloading vulnerability.

    Autodesk ID: ADSK-SA-2019-0004
    29/11/2019, Friday

    Learn more

  • Vulnerability in the Autodesk FBX Software Development Kit

    FBX is affected by a buffer overflow vulnerability which may lead to arbitrary code execution on a system running it.

    Autodesk ID: ADSK-SA-2019-0003
    31/10/2019, Wednesday

    Learn more

  • Vulnerabilities in Autodesk AutoCAD and Design Review Products

    Multiple Autodesk products have been affected by DLL preloading and use-after-free vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0002
    16/08/2019, Friday

    Learn more

  • Vulnerabilities in the Autodesk AutoCAD products

    Multiple Autodesk® AutoCAD® products have been affected by heap overflow, use-after-free, and deserialization vulnerabilities.

    Autodesk ID: ADSK-SA-2019-0001
    14/02/2019, Thursday

    Learn more

  • Denial of Service Vulnerabilities in the Autodesk Backburner Rendering Management Software

    The Autodesk® Backburner 2016 service command line interface accepts a set of remote telnet commands. When insufficient number of arguments are passed, it fails to handle a specific command request which results in an unhandled Null Dereference state/crash leading to Denial of Service condition.

    Autodesk ID: ADSK-SA-2017-001
    17/02/2017, Friday

    Learn more

  • Vulnerabilities in Autodesk Design Review 2013

    Vulnerabilities were identified in the Autodesk® Design Review 2013 application that can result in arbitrary and unauthorized remote code execution.

    Autodesk ID: ADSK-SA-2016-02
    14/12/2016, Wednesday

    Learn more

  • Vulnerabilities in the Autodesk FBX Software Development Kit

    Applications and Services that utilize the Autodesk® FBX-SDK Ver. 2017.0 or earlier for processing FBX, DXF, DAE and 3DS formatted files can be impacted by vulnerabilities related to improper memory allocation when opening malformed files.

    Autodesk ID: ADSK-SA-2016-01
    05/12/2016, Monday

    Learn more

Help us stay secure

REPORT A SECURITY INCIDENT

Help us protect our applications by reporting a security incident, bug, or vulnerability found within an Autodesk product or service.

CONTACT AUTODESK SECURITY

USE GENUINE AUTODESK LICENSES

Avoid software failure, increased exposure to malware, and associated risks by using genuine Autodesk software. Visit Autodesk Genuine to learn more.

VISIT AUTODESK GENUINE
Follow Autodesk

Worldwide sites

Autodesk is a leader in 3D design, engineering and entertainment software.

Privacy settings | Privacy/Cookies | About our Ads | Legal | Report Noncompliance | Site map | © 2021 Autodesk Inc. All rights reserved

Welcome ${RESELLERNAME} Customers

Please opt-in to receive reseller support

I agree that Autodesk may share my name and email address with ${RESELLERNAME} so that ${RESELLERNAME} may provide installation support and send me marketing communications.  I understand that the Reseller will be the party responsible for how this data will be used and managed.

Email is required Entered email is invalid.

No, thanks, I don't want support from ${RESELLERNAME}
${RESELLERNAME}