Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4471: Path Traversal in Design Review

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 6.2% (top 9.07%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 7 | Latest update May 2

Description

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA | GHSA-8jjr-g6fq-c5f8: Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView | 2022-05-02
CVEList | CVE-2008-4471: Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView | 2008-10-07

💥 Exploits & PoCs (1)

Exploit-DB | Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution | 2008-09-30