{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/autodesk/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-7452"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["3ds Max"],"_cs_severities":["high"],"_cs_tags":["cve","memory corruption","autodesk","3ds max","rce"],"_cs_type":"advisory","_cs_vendors":["Autodesk"],"content_html":"\u003cp\u003eCVE-2026-7452 describes a memory corruption vulnerability within Autodesk 3ds Max when parsing maliciously crafted WRL files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted WRL file using Autodesk 3ds Max. Successful exploitation leads to arbitrary code execution within the security context of the 3ds Max process. This vulnerability could be leveraged to install malware, pivot to other systems, or exfiltrate sensitive data. Given the widespread use of 3ds Max in various industries, this vulnerability poses a significant threat to organizations using the software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious WRL file designed to trigger a memory corruption error in Autodesk 3ds Max.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious WRL file to a target user through various methods (e.g., email, shared drive, website).\u003c/li\u003e\n\u003cli\u003eThe user, unaware of the threat, opens the WRL file using Autodesk 3ds Max.\u003c/li\u003e\n\u003cli\u003e3ds Max attempts to parse the malformed WRL file, leading to a buffer overflow or other memory corruption error.\u003c/li\u003e\n\u003cli\u003eThe memory corruption vulnerability is triggered, allowing the attacker to overwrite critical parts of the process memory.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the 3ds Max process memory.\u003c/li\u003e\n\u003cli\u003eThe injected code executes within the context of the 3ds Max process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the system, potentially installing malware or performing other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7452 allows an attacker to execute arbitrary code within the context of the Autodesk 3ds Max process. This could lead to complete system compromise, data theft, or the deployment of ransomware. Organizations in industries heavily reliant on 3D modeling and design, such as architecture, engineering, and media, are particularly at risk. The impact could range from loss of intellectual property to significant financial losses and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patch released by Autodesk to address CVE-2026-7452 in 3ds Max immediately (reference: \u003ca href=\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006)\"\u003ehttps://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement user awareness training to educate users about the risks of opening files from untrusted sources.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious 3ds Max Process Creation with WRL File\u0026rdquo; to identify potential exploitation attempts (reference: Sigma rule below).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for 3ds Max spawning unusual child processes, which could indicate successful code execution (reference: Sigma rule below).\u003c/li\u003e\n\u003cli\u003eEnable file integrity monitoring for Autodesk 3ds Max installation directory to detect unauthorized modifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T18:24:12Z","date_published":"2026-05-26T18:24:12Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7452-3dsmax-memory-corruption/","summary":"A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger a memory corruption vulnerability (CVE-2026-7452) allowing arbitrary code execution in the context of the application.","title":"Autodesk 3ds Max Memory Corruption Vulnerability via Malformed WRL File (CVE-2026-7452)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7452-3dsmax-memory-corruption/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-7454"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["3ds Max"],"_cs_severities":["high"],"_cs_tags":["cve","memory corruption","autodesk"],"_cs_type":"advisory","_cs_vendors":["Autodesk"],"content_html":"\u003cp\u003eCVE-2026-7454 is a memory corruption vulnerability affecting Autodesk 3ds Max. The vulnerability is triggered when the software parses a maliciously crafted WRL (VRML) file. Successful exploitation could allow an attacker to execute arbitrary code within the context of the 3ds Max process. The vulnerability stems from a buffer overflow (CWE-120) during the parsing of the WRL file. An attacker would need to entice a user to open a malicious WRL file within 3ds Max to trigger the vulnerability. This could lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious WRL file designed to trigger a buffer overflow.\u003c/li\u003e\n\u003cli\u003eAttacker delivers the malicious WRL file to a target user, likely via social engineering.\u003c/li\u003e\n\u003cli\u003eThe user opens the malicious WRL file in Autodesk 3ds Max.\u003c/li\u003e\n\u003cli\u003e3ds Max attempts to parse the WRL file.\u003c/li\u003e\n\u003cli\u003eThe crafted WRL file exploits a buffer overflow vulnerability (CVE-2026-7454) during the parsing process.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites memory, potentially including instruction pointers or other critical data.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the execution flow.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code within the context of the 3ds Max process.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7454 allows for arbitrary code execution. An attacker can leverage this vulnerability to install malware, steal sensitive data, or perform other malicious actions on the affected system. The severity is high, with a CVSS v3.1 score of 7.8, indicating significant potential for system compromise. The impact is limited to systems where Autodesk 3ds Max is installed and used to open untrusted WRL files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Autodesk to patch CVE-2026-7454; refer to the Autodesk security advisory \u003ca href=\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006\"\u003ehttps://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious 3ds Max Process Creation\u0026rdquo; to detect potential exploitation attempts based on abnormal 3ds Max behavior.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening untrusted files, especially WRL files in Autodesk 3ds Max.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T18:19:06Z","date_published":"2026-05-26T18:19:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7454-autodesk-3ds-max-memory-corruption/","summary":"A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger CVE-2026-7454, a memory corruption vulnerability allowing arbitrary code execution in the context of the current process.","title":"CVE-2026-7454 — Autodesk 3ds Max Memory Corruption Vulnerability via Malicious WRL File","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7454-autodesk-3ds-max-memory-corruption/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-7451"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["3ds Max"],"_cs_severities":["high"],"_cs_tags":["cve","out-of-bounds write","3ds max","tif","memory corruption"],"_cs_type":"advisory","_cs_vendors":["Autodesk"],"content_html":"\u003cp\u003eCVE-2026-7451 is an out-of-bounds write vulnerability affecting Autodesk 3ds Max. The vulnerability arises when the software parses a maliciously crafted TIF file. Successful exploitation could lead to a crash, data corruption, or even arbitrary code execution within the context of the current process. This vulnerability poses a significant risk to users who process untrusted TIF files with Autodesk 3ds Max. An attacker could potentially leverage this vulnerability to compromise a system by enticing a user to open a malicious TIF file.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious TIF file designed to trigger the out-of-bounds write.\u003c/li\u003e\n\u003cli\u003eAttacker delivers the malicious TIF file to a target user (e.g., via email, shared drive, or website).\u003c/li\u003e\n\u003cli\u003eThe user opens the malicious TIF file using Autodesk 3ds Max.\u003c/li\u003e\n\u003cli\u003eAutodesk 3ds Max parses the TIF file, triggering the out-of-bounds write vulnerability due to the malicious content.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds write corrupts memory within the 3ds Max process.\u003c/li\u003e\n\u003cli\u003eThe memory corruption leads to a crash, data corruption, or enables arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eIf arbitrary code execution is achieved, the attacker can gain control of the affected system.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform malicious activities such as installing malware, stealing data, or further compromising the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7451 can lead to several negative consequences. A crash can cause loss of unsaved work and disrupt productivity. Data corruption can result in loss of valuable assets and require costly recovery efforts. Arbitrary code execution allows an attacker to gain complete control over the affected system, leading to data theft, malware installation, or further network compromise. Given the potential for arbitrary code execution, this vulnerability is considered high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Autodesk to patch CVE-2026-7451 in Autodesk 3ds Max.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening files from untrusted sources to prevent social engineering attacks.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected crashes or unusual behavior in Autodesk 3ds Max processes that could indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious process creation events related to 3ds Max after loading potentially malicious files.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T18:18:40Z","date_published":"2026-05-26T18:18:40Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7451-3dsmax-oob-write/","summary":"CVE-2026-7451 is an out-of-bounds write vulnerability in Autodesk 3ds Max that can be exploited via a maliciously crafted TIF file, potentially leading to a crash, data corruption, or arbitrary code execution.","title":"CVE-2026-7451 - Autodesk 3ds Max Out-of-Bounds Write Vulnerability via Malicious TIF File","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-7451-3dsmax-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed — Autodesk","version":"https://jsonfeed.org/version/1.1"}