CVE-2021-22645

Summary

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.

Affected Software

VendorProductVersion RangeStatus
n/aLuxion KeyShotversions prior to 10.1affected
n/aLuxion KeyShot Viewerversions prior to 10.1affected
n/aLuxion KeyShot Network Renderingversions prior to 10.1affected
n/aLuxion KeyVRversions prior to 10.1affected

Weaknesses

  • CWE-357: INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357

ADP Enrichment

CVE Program Container

Additional References

References