[email protected]CVE-2008-4472

HistoryOct 07, 2008 - 8:00 p.m.

CVE-2008-4472

2008-10-0720:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-4472

updateengine

liveupdate

activex control

remote attackers

arbitrary programs

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.8%

JSON

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

CPENameOperatorVersion
autodesk:design_reviewautodesk design revieweq2009
autodesk:revit_architectureautodesk revit architectureeq2009
autodesk:dwf_viewerautodesk dwf viewereq*

CPE	Name	Operator	Version
autodesk:design_review	autodesk design review	eq	2009
autodesk:revit_architecture	autodesk revit architecture	eq	2009
autodesk:dwf_viewer	autodesk dwf viewer	eq	*

References

images.autodesk.com/adsk/files/live_update_hotfix0.html

retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html

securityreason.com/securityalert/4361

usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366

www.securityfocus.com/archive/1/496847/100/0/threaded

www.securityfocus.com/bid/31490

www.vupen.com/english/advisories/2008/2704

exchange.xforce.ibmcloud.com/vulnerabilities/45521

www.exploit-db.com/exploits/6630

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2008-4472

prion1 saint4 cvelist1 nessus1 checkpoint_advisories1