CVE-2015-8572

Name of the Vulnerable Software and Affected Versions Autodesk Design Review versions prior to 2013 Hotfix 2

Description The issue is caused by multiple buffer overflows in Autodesk Design Review, allowing remote attackers to execute arbitrary code. This can be achieved via crafted RLE data in BMP or FLI files, encoded scan lines in a PCX file, or DataSubBlock or GlobalColorTable in a GIF file.

Recommendations For versions prior to 2013 Hotfix 2, update to Autodesk Design Review 2013 Hotfix 2 to resolve the issue. As a temporary workaround, consider avoiding the use of RLE data in BMP and FLI files, encoded scan lines in PCX files, and DataSubBlock and GlobalColorTable parameters in GIF files until a patch is applied. Restrict access to files that may contain malicious data to minimize the risk of exploitation.