PT-2008-5706 · Autodesk · Autodesk Design Review+2

Nine:Situations:Group

Publicado

2008-10-07

Atualizado

2018-10-11

CVE-2008-4472

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Autodesk Design Review version 2009 Revit Architecture version 2009 SP2

Description: The issue allows remote attackers to execute arbitrary programs. This is achieved via the second argument to the ApplyPatch method in the UpdateEngine class of the LiveUpdate ActiveX control.

Recommendations: For Autodesk Design Review version 2009, consider disabling the ApplyPatch method until a patch is available. For Revit Architecture version 2009 SP2, restrict access to the LiveUpdate ActiveX control to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2008-4472

Produtos afetados

Autodesk Design Review

Liveupdate Activex Control

Revit Architecture

PT-2008-5706 · Autodesk · Autodesk Design Review+2

CVE-2008-4472

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10