CVE-2008-4471 Information
Feb 14, 2021
cve
Description
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96) as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009 allows remote attackers to overwrite arbitrary files via ..\\ sequences in the argument to the SaveAS method.
Reference
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html http://secunia.com/advisories/31989 http://securityreason.com/securityalert/4361 http://www.securityfocus.com/archive/1/496847/100/0/threaded http://www.securityfocus.com/bid/31487 http://www.vupen.com/english/advisories/2008/2704 https://exchange.xforce.ibmcloud.com/vulnerabilities/45519 https://www.exploit-db.com/exploits/6630
Share on: