Binamuse is the Argentinian firm that found a security hole in Autodesk's DWG file format. This week they provided WorldCAD Access with the details of the problem.
The problem is specific to DWG version AC1021, which is used by AutoCAD 2007 - 2009. However, since newer releases of AutoCAD can read and write older versions of DWG, Binamuse says the problem affects the latest releases, including AutoCAD 2014. Autodesk has so far provided patches only for AutoCAD 2011-2014 and related products that use DWG, unfortunately.
In technical terms, the problem sounds like this:
AutoCad is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise auser’s system. This issue is due to AutoCad’s failure to properly bounds-check data in a DWG file before using it to index and copy heap memory values. This can be exploited to execute arbitrary code by opening a specially crafted DWG file, version AC1021.
Read the detailed commentary on the DWG exploit at http://blog.binamuse.com/2013/07/autocad-dwg-ac1021-heap-corruption.html. I have alerted Open Design Alliance to the issue, and their technical people tell me they are investing.