Autodesk Design Review < 2013 Hotfix 2 Multiple RCE

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application installed that is affected
by multiple remote code execution vulnerabilities.

Description :

The version of Autodesk Design Review installed on the remote Windows
host is prior to 2013 Hotfix 2. It is, therefore, affected by the
following vulnerabilities :

- An integer overflow condition exists due to improper
handling of BMP images. A remote attacker can exploit
this, via a crafted 'biClrUsed' value in a BMP file, to
trigger a buffer overflow, resulting in the execution of
arbitrary code. (CVE-2015-8571)

- Multiple buffer overflow conditions exist due to
improper validation of user-supplied input. A remote
attacker can exploit this, via crafted data in BMP, FLI,
and GIF files, to execute arbitrary code.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

Solution :

Apply Hotfix 2 to Autodesk Design Review 2013.

Note that older versions will need to be updated to 2013 before
applying the hotfix.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 87766 ()

Bugtraq ID: 79800

CVE ID: CVE-2015-8571

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now