CVE-2008-4472

The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

Published: Oct 7, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4472
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2009	2009.x
autodesk / revit_architecture	2009-sp2	2009-sp2.x
autodesk / dwf_viewer	-	-

http://images.autodesk.com/adsk/files/live_update_hotfix0.html
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
http://securityreason.com/securityalert/4361
http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366
http://www.securityfocus.com/archive/1/496847/100/0/threaded
http://www.securityfocus.com/bid/31490
http://www.vupen.com/english/advisories/2008/2704
https://exchange.xforce.ibmcloud.com/vulnerabilities/45521
https://www.exploit-db.com/exploits/6630

Vulnerability Database

289,697

CVE-2008-4472