AutoDesk LiveUpdate ActiveX Control ApplyPatch Method Execution
High Nessus Plugin ID 35627
Synopsis
The remote Windows host has an ActiveX control that can be used to execute programs.
Description
The version of the LiveUpdate ActiveX control installed on the remote Windows host, a component included with AutoCAD-based products, reportedly allows execution of arbitrary programs via the second argument to the control's 'ApplyPatch' method. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, the attacker can leverage this issue to execute arbitrary code on the affected system, subject to the user's privileges.
Solution
Apply the hotfix referenced in the vendor advisory above and verify that the version of the control is 220.127.116.11 or later.