CVE-2008-4471

Autodesk Design Review - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · htmlremotewindows
https://www.exploit-db.com/exploits/6630

References (8)

Scores

EPSS 0.0625
EPSS Percentile 90.9%

Details

CWE
CWE-22
Status published
Products (3)
autodesk/design_review 2009
autodesk/dwf_viewer
autodesk/revit_architecture 2009 sp2
Published Oct 07, 2008
Tracked Since Feb 18, 2026