NVD

Id
4295  
Name
CVE-2008-4472  
Description
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-10-07  
Modified Date
2011-03-07  
Seq
2008-4472  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
27200 4295 CVE-2008-4472 http://images.autodesk.com/adsk/files/live_update_hotfix0.html  View
27201 4295 CVE-2008-4472 http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html  View
27202 4295 CVE-2008-4472 4361  View
27203 4295 CVE-2008-4472 http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366  View
27204 4295 CVE-2008-4472 6630  View
27205 4295 CVE-2008-4472 20080930 Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit  View
27206 4295 CVE-2008-4472 31490  View
27207 4295 CVE-2008-4472 ADV-2008-2704  View
27208 4295 CVE-2008-4472 designreview-liveupdate16-code-execution(45521)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
48201 JVNDB-2008-003511 Revit Architecture で使用される LiveUpdate ActiveX コントロールの UpdateEngine クラスにおける任意のプログラムを実行される脆弱性 Revit Architecture および Autodesk Design Review で使用される LiveUpdate ActiveX コントロール (LiveUpdate16.DLL) の UpdateEngine クラスには、任意のプログラムを実行される脆弱性が存在します。 CVE-2008-4472 34585 CVE-2008-4472 4295 9.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003511.html 2008-10-07 2012-06-26 View