Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Design_review
(Autodesk)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 46 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-09 | CVE-2021-27039 | A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code. | Autocad, Design_review | 7.8 | ||
| 2022-04-18 | CVE-2022-27526 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | Design_review | 7.8 | ||
| 2021-07-09 | CVE-2021-27034 | A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code. | Design_review | 7.8 | ||
| 2019-08-23 | CVE-2019-7362 | DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution. | Design_review | 7.8 | ||
| 2019-08-23 | CVE-2019-7363 | Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. | Design_review | 7.8 | ||
| 2015-12-15 | CVE-2015-8572 | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. | Design_review | N/A | ||
| 2015-12-15 | CVE-2015-8571 | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | Design_review | N/A | ||
| 2014-12-08 | CVE-2014-9268 | The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. | Design_review | N/A | ||
| 2008-10-07 | CVE-2008-4472 | The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. | Design_review, Dwf_viewer, Revit_architecture | N/A | ||
| 2008-10-07 | CVE-2008-4471 | Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. | Design_review, Dwf_viewer, Revit_architecture | N/A |