CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7362
https://notcve.org/view.php?id=CVE-2019-7362
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. Vulnerabilidad de precarga de DLL en las versiones 2011, 2012, 2013 y 2018 de Autodesk Design Review. Un atacante puede engañar a un usuario para que abra un archivo DWF malicioso que puede aprovechar una vulnerabilidad de precarga de DLL, que puede provocar la ejecución del código. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 39%CPEs: 1EXPL: 0CVE-2015-8571 – Autodesk Design Review BMP biClrUsed Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8571
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. Desbordamiento de entero en Autodesk Design Review (ADR) en versiones anteriores a 2013 Hotfix 2 permite a atacantes remotos ejecutar código arbitrario a través de un valor biClrUsed manipulado en un archivo BMP, lo que desencadena un desbordamiento de buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of BMP files. The issue lies in the the failure to test for an integer overflow when multiplying the biClrUsed value by four. • http://www.securityfocus.com/bid/79800 http://www.zerodayinitiative.com/advisories/ZDI-15-617 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 78%CPEs: 1EXPL: 0CVE-2015-8572 – Autodesk Design Review GIF GlobalColorTable Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8572
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. Múltiples desbordamientos de buffer en Autodesk Design Review (ADR) en versiones anteriores a 2013 Hotfix 2 permite a atacantes remotos ejecutar código arbitrario a través de datos RLE manipulados en (1) un archivo BMP o (2) un archivo FLI, (3) líneas de escaneo codificadas en un archivo PCX , o (4) DataSubBlock o (5) GlobalColorTable en un archivo GIF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GIF files. The issue lies in the failure to handle the case when the GlobalColorTable is present despite not being specified. • http://www.zerodayinitiative.com/advisories/ZDI-15-615 http://www.zerodayinitiative.com/advisories/ZDI-15-616 http://www.zerodayinitiative.com/advisories/ZDI-15-618 http://www.zerodayinitiative.com/advisories/ZDI-15-619 http://www.zerodayinitiative.com/advisories/ZDI-15-620 https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 0CVE-2014-9268 – Autodesk Design Review AdView.AdViewer.1 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-9268
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. El control AdView.AdViewer.1 ActiveX en Autodesk Design Review (ADR) anterior a 2013 Hotfix 1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero DWF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AdView.AdViewer.1 ActiveX control. By providing a malformed DWF file to the control, an attacker can execute arbitrary code in the context of the browser. • http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html http://www.zerodayinitiative.com/advisories/ZDI-14-402 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5226
https://notcve.org/view.php?id=CVE-2010-5226
Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de ruta de búsqueda no confiable en Autodesk Design Review 2011 11.0.0.86 permite a usuarios locales obtener privilegios a través de un troyano (1) dwmapi.dll, whiptk_wt.7.12.601.dll (2), o xaml_wt.7.6.0 (3) . dll en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. dwf. NOTA: el origen de esta información es desconocida, los datos se obtienen exclusivamente a partir de información de terceros. • http://secunia.com/advisories/41013 •