Vulnerability Description
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Design Review | 2009 |
| Autodesk | DWF Viewer | All versions |
| Autodesk | Revit Architecture | 2009 |
References
- http://images.autodesk.com/adsk/files/live_update_hotfix0.html
- http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
- http://securityreason.com/securityalert/4361
- http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID
- http://www.securityfocus.com/archive/1/496847/100/0/threaded
- http://www.securityfocus.com/bid/31490
- http://www.vupen.com/english/advisories/2008/2704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45521
- https://www.exploit-db.com/exploits/6630
FAQ
What is CVE-2008-4472?
CVE-2008-4472 is a vulnerability with a CVSS score of 9.3 (HIGH). The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrar...
How severe is CVE-2008-4472?
CVE-2008-4472 has been rated HIGH with a CVSS base score of 9.3/10.
Is there a patch for CVE-2008-4472?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Design Review, Autodesk DWF Viewer, Autodesk Revit Architecture.