Autodesk Design Review < 2013 Hotfix 3 Multiple RCE

high Nessus Plugin ID 96315

Synopsis

An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.

Description

The version of Autodesk Design Review installed on the remote Windows host is prior to 2013 Hotfix 3. It is, therefore, affected by the following vulnerabilities :

- A buffer overflow condition exists when handling FLI files due to improper validation of user-supplied input.
An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a malicious web page or open a specially crafted file.

- A buffer overflow condition exists when handling BMP files due to improper validation of the size of the biClrUsed field. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a malicious web page or open a specially crafted file.

- A use-after-free error exists when handling PNG files.
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious web page or open a specially crafted file, to dereference already freed memory, resulting in the execution of arbitrary code.

- A buffer overflow condition exists when handling JFIF files due to a failure to ensure that decompressed content fits within an allocated buffer. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a malicious web page or open a specially crafted file.

- An out-of-bounds indexing error exists when handling JPEG files that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a malicious web page or open a specially crafted file.

- An out-of-bounds indexing error exists when handling GIF files that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a malicious web page or open a specially crafted file.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply Hotfix 3 to Autodesk Design Review 2013.

Note that older versions will first need to be upgraded to Autodesk Design Review 2013 before applying the hotfix.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-16-664/

https://www.zerodayinitiative.com/advisories/ZDI-16-665/

https://www.zerodayinitiative.com/advisories/ZDI-16-666/

https://www.zerodayinitiative.com/advisories/ZDI-16-667/

https://www.zerodayinitiative.com/advisories/ZDI-16-668/

https://www.zerodayinitiative.com/advisories/ZDI-16-669/

http://www.nessus.org/u?737f5f11

Plugin Details

Severity: High

ID: 96315

File Name: autodesk_dr_2013_hotfix_3.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 1/5/2017

Updated: 6/3/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/a:autodesk:design_review

Required KB Items: installed_sw/Autodesk Design Review

Patch Publication Date: 12/14/2016

Vulnerability Publication Date: 12/14/2016

Reference Information

BID: 95089