CVE-2008-4472

Autodesk Design Review and Revit Architecture 2009 - Remote Code Execution via LiveUpdate ActiveX ApplyPatch Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4472. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary: This exploit leverages two vulnerabilities in Autodesk DWF Viewer: an insecure SaveAS() method to write arbitrary files and an ApplyPatch() method to execute them. It demonstrates remote code execution by saving a malicious HTA file and executing it via the LiveUpdate module.

Description

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · html · remote · windows
https://www.exploit-db.com/exploits/6630

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Autodesk DWF Viewer Control (AdView.dll v9.0.0.96) and LiveUpdate Module (LiveUpdate16.DLL 17.2.56)
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 · Autodesk DWF Viewer or Design Review 2009 must be installed
devstral-2 · analyzed Feb 18, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45521
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31490
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6630
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4361
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2704
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496847/100/0/threaded

Scores

EPSS 0.0784
EPSS Percentile 93.9%

Details

CWE: CWE-264
Status: published
Products (3):
autodesk/design_review 2009
autodesk/dwf_viewer
autodesk/revit_architecture 2009 sp2
Published: Oct 07, 2008
Tracked Since: Feb 18, 2026