
CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002
• CWE-427: Uncontrolled Search Path Element

CVSS: 6.8 | EPSS: 39% | CPEs: 1 | EXPL: 0

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of BMP files. The issue lies in the failure to test for an integer overflow when multiplying the biClrUsed value by four.

• http://www.securityfocus.com/bid/79800
• http://www.zerodayinitiative.com/advisories/ZDI-15-617
• https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html
• CWE-189: Numeric Errors

CVSS: 6.8 | EPSS: 78% | CPEs: 1 | EXPL: 0

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF files. The issue lies in the failure to handle the case when the GlobalColorTable is present despite not being specified.

• http://www.zerodayinitiative.com/advisories/ZDI-15-615
• http://www.zerodayinitiative.com/advisories/ZDI-15-616
• http://www.zerodayinitiative.com/advisories/ZDI-15-618
• http://www.zerodayinitiative.com/advisories/ZDI-15-619
• http://www.zerodayinitiative.com/advisories/ZDI-15-620
• https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 8% | CPEs: 1 | EXPL: 0

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AdView.AdViewer.1 ActiveX control. By providing a malformed DWF file to the control, an attacker can execute arbitrary code in the context of the browser.

• http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html
• http://www.zerodayinitiative.com/advisories/ZDI-14-402
• CWE-20: Improper Input Validation

CVSS: 6.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

• http://secunia.com/advisories/41013