CVE-2008-4472

Autodesk Design Review - Access Control

Title source: rule

Description

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · htmlremotewindows

https://www.exploit-db.com/exploits/6630

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45521

[Various Sources] http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366

[Various Sources] http://images.autodesk.com/adsk/files/live_update_hotfix0.html

[Various Sources] http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31490

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6630

[Third Party Advisory] http://securityreason.com/securityalert/4361

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2704

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496847/100/0/threaded

Scores

EPSS 0.1132

EPSS Percentile 93.6%

Details

CWE

CWE-264

Status published

Products (3)

autodesk/design_review 2009

autodesk/dwf_viewer

autodesk/revit_architecture 2009 sp2

Published Oct 07, 2008

Tracked Since Feb 18, 2026