CVE Vulnerability

CVE-2008-4472

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
http://securityreason.com/securityalert/4361
http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366
http://images.autodesk.com/adsk/files/live_update_hotfix0.html
http://www.securityfocus.com/bid/31490
http://www.vupen.com/english/advisories/2008/2704
https://exchange.xforce.ibmcloud.com/vulnerabilities/45521
https://www.exploit-db.com/exploits/6630
http://www.securityfocus.com/archive/1/496847/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:autodesk:design_review:2009:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:revit_architecture:2009:sp2:*:*:*:*:*:*
cpe:2.3:a:autodesk:dwf_viewer:*:*:*:*:*:*:*:*
Information

Published : 2008-10-07 08:00

Updated : 2018-10-11 08:51

NVD link : CVE-2008-4472

Mitre link : CVE-2008-4472

Products Affected
No products.
CWE
CWE-264