the business of cad
Issue #788 | August 27, 2013
In This Issue
1. About That Exploit in DWG Files
- The Finder Explains
- Open Design Alliance Responds
2. No Out of the Inbox, but some other regular columns.
About That Exploit in DWG Files
Two security researchers in Argentina earlier this year found an exploit in DWG version AC1021 files used by AutoCAD 2007 and later, as well as TrueView and Autodesk software based on AutoCAD. The exploit is severe enough ("Medium") to be listed in the US government's National Vulnerability Database (see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3665).
Security research firm Binamuse reported the problem to Autodesk on March 27, following which Autodesk quietly released a hotfix July 10 at http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896&linkID=9240618&siteID=123112 . The patch is for AutoCAD 2011-2014, but not for the truly affected releases of AutoCAD 2007-2010, oddly enough. (The more recent releases are affected only in that they can read DWG 2007-10 files.)
Binamuse two weeks later reported the problem publicly; the CAD media ignored the story, except for my WorldCAD Access blog. I contacted Binamuse and the Open Design Alliance to learn more about the exploit.
The Finder Explains
Felipe Manzano of Binamuse pointed me to his company's blog for the technical explanation of the exploit:
"AutoCAD is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. This issue is due to AutoCAD's failure to properly bounds-check data in a DWG file before using it to index and copy heap memory values. This can be exploited to execute arbitrary code by opening a specially crafted DWG file."
For the full technical details, see http://blog.binamuse.com/2013/07/autocad-dwg-ac1021-heap-corruption.html.
Open Design Alliance Responds
Neil Peterson is the chief technical officer of Open Design Alliance, and he explained why Teigha is not vulnerable to the exploit but is getting an update anyhow. (Teigha is the name of the ODA's DWG API.)
"Loading one of these specially-crafted .dwg files cannot result in the execution of arbitrary/malicious code in an ODA Teigha-based application. (Heap corruption can occur since Teigha is not performing bounds checking in certain situations during loading.) However, no additional exploitation is possible due to the modern architecture and code structure used in Teigha.
"A source-code fix for the heap corruption issue is already available to ODA founding members, and the fix will be included in the 3.9.1 release of Teigha scheduled for December 2013." http://www.opendesign.com
Binamuse's proof-of-concept exploit written in Python can be downloaded from http://www.binamuse.com/exploits/BINA-20130724.py
On the Blog
Here are items that appeared on the WorldCAD Access blog in recent weeks at http://worldcadaccess.typepad.com:
Letters to the Editor
Re: Can a Monitor Be Too Big?
"I regularly use a 13" Apple MacBook Pro to create 2D detail drawings using Vectorworks. Besides this, my main CAD system is a 27" iMac. I find that although I work carefully on the laptop, I find numerous small mistakes when I switch to the 27" screen. There, the mistakes are glaringly obvious.
"A big screen is definitely a big advantage: I work faster, the feedback loop is much more direct. While a high resolution is obviously important, it does not substitute for big image size: it simply makes working easier specifically for older eyes. (I am 57.) I used to have problems in the mid-80s with the then high-res 18" 1024x768 screens -- specifically Sony's Trinitron-based monitors. I would see their rectangular grid pattern imprinted in my vision as I sometimes worked 10-12 hour days.
"I now know this is not good. I have much less trouble with the modern screens I now use."
- Rene Dalmeijer
Re: Leap Motion
"Guten Tag, Herr Grabowski: Did you test [the 3D air controller] Leap Motion with CAD? (https://www.leapmotion.com). What do you think about this device?"
- Jose De Jesus, alias "No more CADsualties"
The editor replies: "No, I have not tested it, as the device is still quite rare. My experience with using a large touchscreen Windows 8 computer for nearly a year now shows me that touch and gestures are only sometimes better than the mouse. Touch cannot, however, replace the mouse in CAD for the following reasons, and I see the similar problems facing 3D air interfaces, like the one from Leap Motion:
- - -
"I was a free-lancer for years, but as an amateur in developing some CAD freeware I enjoyed reading upFront.eZine about progress and decay in those big idea-selling CAD companies. I have been diagnosed with pancreas cancer, and only a few weeks (and a lot of pain killers) are given to me to make my life liveable. Regards, and enjoy life; keep up the good work."
- H. M.
"Google Glass, iWatch, [Fitbit Flex] activity monitor... you're halfway to RoboCop."
- Bob Dormon, The Register
upFront.eZine is published every Tuesday, except during summer and Christmas vacation. Editor: Ralph Grabowski. This newsletter is read by nearly 11,000 subscribers in 70 countries. Your comments are welcome at firstname.lastname@example.org! Deadline for submissions is every Monday noon.
Entire contents copyright 2013 by upFront.eZine Publishing, Ltd. All rights reserved worldwide. Letters sent to the editor are subject to publication. Article reprint fee: $840. All trademarks belong to their respective holders. "upFront.eZine," "The Business of CAD," and "WorldCAD Access" are trademarks of upFront.eZine Publishing, Ltd. Letters to the editor may be edited for clarity and brevity. Translations and opinions expressed are not necessarily shared by upFront.eZine Publishing, Ltd.