Page 4 of 20 results (0.010 seconds)

CVSS: 6.8EPSS: 39%CPEs: 1EXPL: 0

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. Desbordamiento de entero en Autodesk Design Review (ADR) en versiones anteriores a 2013 Hotfix 2 permite a atacantes remotos ejecutar código arbitrario a través de un valor biClrUsed manipulado en un archivo BMP, lo que desencadena un desbordamiento de buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of BMP files. The issue lies in the the failure to test for an integer overflow when multiplying the biClrUsed value by four. • http://www.securityfocus.com/bid/79800 http://www.zerodayinitiative.com/advisories/ZDI-15-617 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 78%CPEs: 1EXPL: 0

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. Múltiples desbordamientos de buffer en Autodesk Design Review (ADR) en versiones anteriores a 2013 Hotfix 2 permite a atacantes remotos ejecutar código arbitrario a través de datos RLE manipulados en (1) un archivo BMP o (2) un archivo FLI, (3) líneas de escaneo codificadas en un archivo PCX , o (4) DataSubBlock o (5) GlobalColorTable en un archivo GIF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF files. The issue lies in the failure to handle the case when the GlobalColorTable is present despite not being specified. • http://www.zerodayinitiative.com/advisories/ZDI-15-615 http://www.zerodayinitiative.com/advisories/ZDI-15-616 http://www.zerodayinitiative.com/advisories/ZDI-15-618 http://www.zerodayinitiative.com/advisories/ZDI-15-619 http://www.zerodayinitiative.com/advisories/ZDI-15-620 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. El control AdView.AdViewer.1 ActiveX en Autodesk Design Review (ADR) anterior a 2013 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero DWF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AdView.AdViewer.1 ActiveX control. By providing a malformed DWF file to the control, an attacker can execute arbitrary code in the context of the browser. • http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html http://www.zerodayinitiative.com/advisories/ZDI-14-402 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. La clase UpdateEngine en el control Active X LiveUpdate (LiveUpdate16.DLL 17.2.56), utilizado en Revit Architecture 2009 SP2 y Autodesk Design Review 2009, que permite a los atacantes remotos ejecutar arbitrariamente programas a través del segundo argumento del método ApplyPatch. • https://www.exploit-db.com/exploits/6630 http://images.autodesk.com/adsk/files/live_update_hotfix0.html http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html http://securityreason.com/securityalert/4361 http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366 http://www.securityfocus.com/archive/1/496847/100/0/threaded http://www.securityfocus.com/bid/31490 http://www.vupen.com/english/advisories/2008/2704 https://exchange.xforce. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 2

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. Vulnerabilidad de salto de directorio en la clase CExpressViewerControl en el control ActiveX DWF Viewer (AdView.dll 9.0.0.96), utilizado en Revit Architecture 2009 SP2 y Autodesk Design Review 2009, que permite a los atacante remotos sobrescribir arbitrariamente archivos a través de secuencias "..\" en el argumento to del método SaveAs. • https://www.exploit-db.com/exploits/6630 http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html http://secunia.com/advisories/31989 http://securityreason.com/securityalert/4361 http://www.securityfocus.com/archive/1/496847/100/0/threaded http://www.securityfocus.com/bid/31487 http://www.vupen.com/english/advisories/2008/2704 https://exchange.xforce.ibmcloud.com/vulnerabilities/45519 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •