CVE-2024-30374 is an out-of-bounds write vulnerability classified under CWE-787 affecting Luxion KeyShot Viewer version 2023.3_12.2.1.2. The vulnerability exists in the KSP file parser component, where insufficient validation of user-supplied data allows an attacker to write beyond the allocated buffer boundaries. This memory corruption flaw can be triggered remotely when a user opens a crafted malicious KSP file or visits a malicious webpage that causes the viewer to parse such a file. The out-of-bounds write can lead to arbitrary code execution within the context of the KeyShot Viewer process, enabling attackers to potentially execute malicious payloads, escalate privileges, or disrupt application functionality. Exploitation requires user interaction, such as opening a file or visiting a webpage, and does not require prior authentication. The CVSS 3.0 base score of 7.8 reflects high confidentiality, integrity, and availability impacts, with low attack complexity but requiring user interaction. No patches are currently linked, and no active exploitation has been reported. The vulnerability was reported by ZDI (ZDI-CAN-22449) and publicly disclosed on June 6, 2024.

The impact of CVE-2024-30374 is significant for organizations using Luxion KeyShot Viewer, especially in industries relying on 3D rendering and visualization such as manufacturing, automotive, and product design. Successful exploitation could allow attackers to execute arbitrary code, leading to full compromise of the affected system under the privileges of the user running the viewer. This can result in data theft, insertion of malware, lateral movement within networks, or disruption of critical design workflows. Since the vulnerability requires user interaction, social engineering or phishing campaigns could be used to deliver malicious KSP files or lure users to malicious websites. The compromise of design files or intellectual property could have severe business and reputational consequences. Additionally, if the viewer is run with elevated privileges, the impact could extend to system-wide compromise. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge.

Organizations should implement the following specific mitigations: 1) Monitor Luxion’s official channels for patches or updates addressing CVE-2024-30374 and apply them promptly once available. 2) Restrict the opening of KSP files to trusted sources only and educate users about the risks of opening files from unverified origins. 3) Employ application whitelisting and sandboxing techniques to limit the execution context of KeyShot Viewer, reducing the impact of potential exploitation. 4) Use endpoint detection and response (EDR) solutions to monitor for anomalous behavior indicative of exploitation attempts. 5) Implement network-level controls to block access to known malicious sites that could host exploit payloads. 6) Conduct user awareness training focused on phishing and social engineering tactics that could deliver malicious KSP files. 7) Consider disabling automatic file parsing or preview features in the viewer if configurable, to prevent automatic processing of malicious files. 8) Maintain regular backups of critical design data to enable recovery in case of compromise.