Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Autodesk Subscribe
Filtered by product Design Review
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7363 1 Autodesk 1 Design Review 2019-08-30 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
CVE-2008-4471 1 Autodesk 3 Design Review, Dwf Viewer, Revit Architecture 2018-10-11 9.3 HIGH N/A
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
CVE-2008-4472 1 Autodesk 3 Design Review, Dwf Viewer, Revit Architecture 2018-10-11 9.3 HIGH N/A
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
CVE-2015-8571 1 Autodesk 1 Design Review 2016-11-28 6.8 MEDIUM N/A
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.
CVE-2015-8572 1 Autodesk 1 Design Review 2015-12-16 6.8 MEDIUM N/A
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.
CVE-2014-9268 1 Autodesk 1 Design Review 2015-12-16 6.8 MEDIUM N/A
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.