CVE-2014-9268 – Autodesk Design Review AdView.AdViewer.1 Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-9268

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. El control AdView.AdViewer.1 ActiveX en Autodesk Design Review (ADR) anterior a 2013 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero DWF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AdView.AdViewer.1 ActiveX control. By providing a malformed DWF file to the control, an attacker can execute arbitrary code in the context of the browser. • http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html http://www.zerodayinitiative.com/advisories/ZDI-14-402 • CWE-20: Improper Input Validation •