August 29, 2013
August 27, 2013, upFront.eZine released a press about the exploit in .dwg files. Two security researchers in Argentina earlier this year found an exploit in DWG version AC1021 files used by AutoCAD 2007 and later, as well as TrueView and Autodesk software based on AutoCAD. The exploit is severe enough ("Medium") to be listed in the US government's National Vulnerability Database (see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3665). Security research firm Binamuse reported the problem to Autodesk on March 27, following which Autodesk quietly released a hotfix July 10. The patch is for AutoCAD 2011-2014, but not for the truly affected releases of AutoCAD 2007-2010, oddly enough. (The more recent releases are affected only in that they can read DWG 2007-10 files. Felipe Manzano, the exploit finder pointed: "AutoCAD is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. This issue is due to AutoCAD's failure to properly bounds-check data in a DWG file before using it to index and copy heap memory values. This can be exploited to execute arbitrary code by opening a specially crafted DWG file." Neil Peterson is the chief technical officer of Open Design Alliance, and he explained, "Loading one of these specially-crafted .dwg files cannot result in the execution of arbitrary/malicious code in an ODA Teigha-based application. A source-code fix for the heap corruption issue is already available to ODA founding members, and the fix will be included in the 3.9.1 release of Teigha scheduled for December 2013." As an ODA member, GstarCAD is an ODA Teigha-based application, which means this severe enough exploit never will be a threat to GstarCAD users.
September 19, 2018
May 19, 2017
January 04, 2016
December 31, 2013
December 16, 2013
December 01, 2013
November 15, 2013
November 13, 2013
November 07, 2013
November 05, 2013
November 01, 2013
October 25, 2013
October 22, 2013
October 13, 2013
September 25, 2013
September 24, 2013
September 17, 2013
September 10, 2013
September 2, 2013
August 30, 2013
August 23, 2013
August 11, 2013
August 8, 2013
July 26, 2013
May 22, 2013
May 15, 2013
April 27, 2013
April 15, 2013
April 10, 2013