Remote Code Execution Vulnerability in Autodesk LiveUpdate Control
CVE-2008-4472

Currently unrated

Key Information:

Vendor: Autodesk
Status: Design Review; Revit Architecture; Dwf Viewer
Vendor: CVE Published:; 7 October 2008

Summary

The UpdateEngine class in the LiveUpdate ActiveX control, specifically in LiveUpdate16.DLL version 17.2.56, poses a risk by allowing remote attackers to execute arbitrary programs. This is accomplished through the manipulation of the second argument in the ApplyPatch method, affecting popular Autodesk products such as Revit Architecture 2009 SP2 and Autodesk Design Review 2009.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45521

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/31490

vdb-entryx_refsource_BID

http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=12...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 7, 2008
Vulnerability Reserved
Oct 7, 2008