CVSS: 6.8EPSS: 78%CPEs: 1EXPL: 0CVE-2015-8572 – Autodesk Design Review GIF GlobalColorTable Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8572
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. Múltiples desbordamientos de buffer en Autodesk Design Review (ADR) en versiones anteriores a 2013 Hotfix 2 permite a atacantes remotos ejecutar código arbitrario a través de datos RLE manipulados en (1) un archivo BMP o (2) un archivo FLI, (3) líneas de escaneo codificadas en un archivo PCX , o (4) DataSubBlock o (5) GlobalColorTable en un archivo GIF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF files. The issue lies in the failure to handle the case when the GlobalColorTable is present despite not being specified. • http://www.zerodayinitiative.com/advisories/ZDI-15-615 http://www.zerodayinitiative.com/advisories/ZDI-15-616 http://www.zerodayinitiative.com/advisories/ZDI-15-618 http://www.zerodayinitiative.com/advisories/ZDI-15-619 http://www.zerodayinitiative.com/advisories/ZDI-15-620 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0CVE-2014-9268 – Autodesk Design Review AdView.AdViewer.1 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-9268
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. El control AdView.AdViewer.1 ActiveX en Autodesk Design Review (ADR) anterior a 2013 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero DWF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AdView.AdViewer.1 ActiveX control. By providing a malformed DWF file to the control, an attacker can execute arbitrary code in the context of the browser. • http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html http://www.zerodayinitiative.com/advisories/ZDI-14-402 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2014-3938
https://notcve.org/view.php?id=CVE-2014-3938
Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en Autodesk SketchBook Pro anterior a 6.2.6 permite a atacantes remotos ejecutar código arbitrario a través de datos manipulados de máscara en capas en un fichero PSD, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/58000 http://secunia.com/secunia_research/2014-6 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2014-3939
https://notcve.org/view.php?id=CVE-2014-3939
Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. Desbordamientyo de buffer basado en memoria dinámica en Autodesk SketchBook Pro anterior a 6.2.6 permite a atacantes remotos ejecutar código arbitrario a través de datos manipulados de mapa de bits de capas en un fichero PXD. • http://secunia.com/advisories/58000 http://secunia.com/secunia_research/2014-7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2967
https://notcve.org/view.php?id=CVE-2014-2967
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Autodesk VRED Professional 2014 anterior a SR1 SP8 permite a atacantes remotos ejecutar código arbitrario a través de llamadas de libraría Python os en comandos Python API en el servidor web integrado. • http://www.kb.cert.org/vuls/id/402020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •