CVE-2008-4471

Autodesk Design Review and DWF Viewer - Path Traversal and Arbitrary File Write via SaveAS Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4471. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary: This exploit leverages two vulnerabilities in Autodesk DWF Viewer: an insecure SaveAS() method to write arbitrary files and an ApplyPatch() method to execute them. It demonstrates remote code execution by saving a malicious HTA file and executing it via the LiveUpdate module.

Description

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Nine:Situations:Group · html · remote · windows
https://www.exploit-db.com/exploits/6630

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Autodesk DWF Viewer Control (AdView.dll v9.0.0.96) and LiveUpdate Module (LiveUpdate16.DLL 17.2.56)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 · Autodesk DWF Viewer or Design Review 2009 must be installed
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45519
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31989
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6630
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4361
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31487
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2704
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496847/100/0/threaded

Scores

EPSS 0.0673
EPSS Percentile 93.1%

Details

CWE CWE-22
Status published
Products (3)
autodesk/design_review 2009
autodesk/dwf_viewer
autodesk/revit_architecture 2009 sp2
Published Oct 07, 2008
Tracked Since Feb 18, 2026