Design Review
CVE-2014-9268
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.
AnalysisAI
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified under CWE-20. The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. Affected products include: Autodesk Design Review. Version information: before 2013.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Design Review
View allA maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PD
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitra
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today