Jump to content


Photo

Autodesk Design Review Insecure Library Loading Vulnerability


  • Please log in to reply
No replies to this topic

#1 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 June 2011 - 03:28 PM

https://secunia.com/advisories/41013/
Autodesk Design Review Insecure Library Loading Vulnerability

The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll, whiptk_wt.7.12.601.dll, xaml_wt.7.6.0.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a DWF file located on a remote WebDAV or SMB share.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2011 11.0.0.86 and also reported in version 2010. Other versions may also be affected.

There does not seem to be an update or patch to fix this.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button