Autodesk IDrop ActiveX Control Heap Corruption
Severity: High
Nessus Plugin ID 36087
Synopsis
The remote Windows host has an ActiveX control that is affected by a heap corruption vulnerability.
Description
The IDrop ActiveX control, a utility from Autodesk that provides the ability to drag and drop web content into a drawing session, is installed on the remote Windows host.
Manipulation of the control's 'Src', 'Background', and 'PackageXml' properties reportedly can be abused to trigger a heap-use-after-free condition. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrary code on the affected system subject to the user's privileges.
Solution
Remove the affected software as it reportedly is no longer supported by Autodesk.