Autodesk Design Review < 2013 Hotfix 3 Multiple RCE

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Autodesk Design Review installed on the remote Windows
host is prior to 2013 Hotfix 3. It is, therefore, affected by the
following vulnerabilities :

- A buffer overflow condition exists when handling FLI
files due to improper validation of user-supplied input.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code by convincing a user to visit a
malicious web page or open a specially crafted file.
(VulnDB 149398)

- A buffer overflow condition exists when handling BMP
files due to improper validation of the size of the
biClrUsed field. An unauthenticated, remote attacker can
exploit this to execute arbitrary code by convincing a
user to visit a malicious web page or open a specially
crafted file. (VulnDB 149399)

- A use-after-free error exists when handling PNG files.
An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a malicious web page or open
a specially crafted file, to dereference already freed
memory, resulting in the execution of arbitrary code.
(VulnDB 149400)

- A buffer overflow condition exists when handling JFIF
files due to a failure to ensure that decompressed
content fits within an allocated buffer. An
unauthenticated, remote attacker can exploit this to
execute arbitrary code by convincing a user to visit a
malicious web page or open a specially crafted file.
(VulnDB 149401)

- An out-of-bounds indexing error exists when handling
JPEG files that allows an unauthenticated, remote
attacker to execute arbitrary code by convincing a user
to visit a malicious web page or open a specially
crafted file. (VulnDB 149402)

- An out-of-bounds indexing error exists when handling
GIF files that allows an unauthenticated, remote
attacker to execute arbitrary code by convincing a user
to visit a malicious web page or open a specially
crafted file. (VulnDB 149403)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-16-664/
http://www.zerodayinitiative.com/advisories/ZDI-16-665/
http://www.zerodayinitiative.com/advisories/ZDI-16-666/
http://www.zerodayinitiative.com/advisories/ZDI-16-667/
http://www.zerodayinitiative.com/advisories/ZDI-16-668/
http://www.zerodayinitiative.com/advisories/ZDI-16-669/
http://www.nessus.org/u?d427536b

Solution :

Apply Hotfix 3 to Autodesk Design Review 2013.

Note that older versions will first need to be upgraded to Autodesk
Design Review 2013 before applying the hotfix.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 96315 ()

Bugtraq ID: 95089

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now