CVE-2014-9268 — Improper Input Validation in Design Review

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.3%

top 20.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Design Review

Timeline

PublishedDec 8

Latest updateMay 17

Description

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDautodesk/design_review2013

Patches

Patch: knowledge.autodesk.com ↗Patch: knowledge.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-67v4-4jpx-67vq: The AdView↗2022-05-17

▶

CVEList

CVE-2014-9268: The AdView↗2014-12-08

▶