PT-2008-5706 · Autodesk · Autodesk Design Review+2

Nine:Situations:Group

Published

2008-10-07

Updated

2018-10-11

CVE-2008-4472

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Autodesk Design Review version 2009 Revit Architecture version 2009 SP2

Description: The issue allows remote attackers to execute arbitrary programs. This is achieved via the second argument to the ApplyPatch method in the UpdateEngine class of the LiveUpdate ActiveX control.

Recommendations: For Autodesk Design Review version 2009, consider disabling the ApplyPatch method until a patch is available. For Revit Architecture version 2009 SP2, restrict access to the LiveUpdate ActiveX control to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-4472

Affected Products

Autodesk Design Review

Liveupdate Activex Control

Revit Architecture

PT-2008-5706 · Autodesk · Autodesk Design Review+2

CVE-2008-4472

Weakness Enumeration

Related Identifiers

Affected Products

References · 10