Autodesk Design Review vulnerabilities
46 known vulnerabilities affecting autodesk/design_review.
Total CVEs: 46
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 41, MEDIUM 3
Vulnerabilities
Page 3 of 3
CVE-2019-7362 [HIGH] CVSS 7.8 | CWE-427 | v2011, v2012, +2 more | 2019-08-23
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
nvd
CVE-2015-8571 [MEDIUM] CVSS 6.8 | CWE-189 | v2013 | 2015-12-15
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.
nvd
CVE-2015-8572 [MEDIUM] CVSS 6.8 | CWE-119 | v2013 | 2015-12-15
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.
nvd
CVE-2014-9268 [MEDIUM] CVSS 6.8 | CWE-20 | ≤ 2013 | 2014-12-08
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.
nvd
CVE-2008-4472 [CRITICAL] CVSS 9.3 | CWE-264 | PoC | v2009 | 2008-10-07
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
nvd
CVE-2008-4471 [CRITICAL] CVSS 9.3 | CWE-22 | PoC | v2009 | 2008-10-07
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
nvd