Datakit CrossCadWare Users Beware of New File Parsing Vulnerability

CVECVE-2023-23579
CVSScvssV3_1: 7.8
SourceCVE-2023-23579

Datakit CrossCadWare, a popular 3D CAD software, has been found to contain a vulnerability that could allow hackers to take control of affected systems.

Security researchers discovered that CrossCadWare’s SLDPRT file parser contains a buffer overflow bug. This occurs when processing specially crafted files due to a lack of proper input validation and boundary checks. By triggering the overflow, an attacker could potentially execute arbitrary code on the victim’s machine with the privileges of the CrossCadWare process.

This is a serious issue as many engineers and designers use CrossCadWare for 3D modeling and plans. By sending a malicious SLDPRT file as an attachment or link, hackers could access sensitive design files or infect systems with malware.

The best way to protect yourself is to ensure you have installed the latest updates for CrossCadWare as soon as they are available. Datakit should provide a patch soon that addresses this vulnerability. In the meantime, exercise caution when opening files from unknown or untrusted sources. Following basic cyber safety practices like this will help keep your designs and computers secure.

References