Back to search
CVE-2008-4472
Published: Oct 7, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
designreview-liveupdate-unauth-access(45521)
vdb-entry
x_refsource_XF
31490
vdb-entry
x_refsource_BID
6630
exploit
x_refsource_EXPLOIT-DB
http://images.autodesk.com/adsk/files/live_update_hotfix0.html
x_refsource_MISC
4361
third-party-advisory
x_refsource_SREASON
ADV-2008-2704
vdb-entry
x_refsource_VUPEN
20080930 Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now