7.4 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.023 Low
EPSS
Percentile
89.8%
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
images.autodesk.com/adsk/files/live_update_hotfix0.html
retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
securityreason.com/securityalert/4361
usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366
www.securityfocus.com/archive/1/496847/100/0/threaded
www.securityfocus.com/bid/31490
www.vupen.com/english/advisories/2008/2704
exchange.xforce.ibmcloud.com/vulnerabilities/45521
www.exploit-db.com/exploits/6630