Autodesk LiveUpdate ActiveX control ApplyPatch method vulnerability

2008-10-06T00:00:00
ID SAINT:85648B3D76C557A4D82DFB7B015A31DB
Type saint
Reporter SAINT Corporation
Modified 2008-10-06T00:00:00

Description

Added: 10/06/2008
CVE: CVE-2008-4472
BID: 31490
OSVDB: 49047

Background

Autodesk is a suite of architectural design software products.

Problem

The **ApplyPatch** method in the **LiveUpdate** ActiveX control allows a web page to execute arbitrary files on the system. Remote command execution is possible by specifying an executable file placed on an SMB share.

Resolution

Set the kill bit for class ID 89EC7921-729B-4116-A819-DF86A4A5776B as described in Microsoft Knowledge Base Article 240797.

References

<http://www.securityfocus.com/archive/1/496847>

Limitations

Exploit works on Autodesk Revit Architecture 2009 and requires a user to load the exploit page in Internet Explorer.

Immediately after running the exploit, download the file /exploit.exe from the exploit server, and save it on the SMB share you specified when you started the exploit. The SMB share must be accessible by the target user in order for the exploit to succeed.

Platforms

Windows