Bug detected in Autodesk Backburner Manager

A stack-based buffer overflow vulnerability has been detected in Autodesk Backburner Manager.

According to a CERT release posted on Monday, Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, "fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code."

The flaw in the network-rendering management software, used in animation, was tagged with CVE-2016-2344. It could allow an unauthenticated attacker to transmit specially crafted commands to the interface to overflow the stack buffer. This could then crash the service or enable arbitrary code execution.

CERT offers no solution as yet, but, according to NIST, the bug is exploitable only in network environments where the administrator has not followed the instructions that warn of the security risks of implementing Backburner on untrusted networks.
