OpenCVE

Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Autodesk	Design Review Dwf Viewer Revit Architecture

Configuration 1 [-]

OR	cpe:2.3:a:autodesk:design_review:2009:::::::*
	cpe:2.3:a:autodesk:dwf_viewer::::::::
	cpe:2.3:a:autodesk:revit_architecture:2009:sp2::::::

No data.

References

Link	Providers
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
http://secunia.com/advisories/31989
http://securityreason.com/securityalert/4361
http://www.securityfocus.com/archive/1/496847/100/0/threaded
http://www.securityfocus.com/bid/31487
http://www.vupen.com/english/advisories/2008/2704
https://exchange.xforce.ibmcloud.com/vulnerabilities/45519
https://www.exploit-db.com/exploits/6630

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-07T18:27:00

Updated: 2024-08-07T10:17:09.698Z

Reserved: 2008-10-07T00:00:00

Link: CVE-2008-4471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-07T20:00:17.390

Modified: 2024-11-21T00:51:45.487

Link: CVE-2008-4471

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via \"..\\\" sequences in the argument to the SaveAS method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "6630", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6630"}, {"name": "4361", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4361"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html"}, {"name": "designreview-adview-file-overwrite(45519)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45519"}, {"name": "31487", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31487"}, {"name": "ADV-2008-2704", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2704"}, {"name": "20080930 Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/496847/100/0/threaded"}, {"name": "31989", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31989"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4471", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via \"..\\\" sequences in the argument to the SaveAS method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "6630", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6630"}, {"name": "4361", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4361"}, {"name": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html"}, {"name": "designreview-adview-file-overwrite(45519)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45519"}, {"name": "31487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31487"}, {"name": "ADV-2008-2704", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2704"}, {"name": "20080930 Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/496847/100/0/threaded"}, {"name": "31989", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31989"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.698Z"}, "title": "CVE Program Container", "references": [{"name": "6630", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6630"}, {"name": "4361", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4361"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html"}, {"name": "designreview-adview-file-overwrite(45519)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45519"}, {"name": "31487", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31487"}, {"name": "ADV-2008-2704", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2704"}, {"name": "20080930 Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/496847/100/0/threaded"}, {"name": "31989", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31989"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4471", "datePublished": "2008-10-07T18:27:00", "dateReserved": "2008-10-07T00:00:00", "dateUpdated": "2024-08-07T10:17:09.698Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:design_review:2009:*:*:*:*:*:*:*", "matchCriteriaId": "D015F7C3-BBFB-418C-8B50-2047AE1E142E", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:dwf_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E11496F-A4A3-48B2-BFD4-D00D13BD9E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit_architecture:2009:sp2:*:*:*:*:*:*", "matchCriteriaId": "877A0489-AC5E-4A8C-827B-EDD6EF62E0BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via \"..\\\" sequences in the argument to the SaveAS method."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la clase CExpressViewerControl en el control ActiveX DWF Viewer (AdView.dll 9.0.0.96), utilizado en Revit Architecture 2009 SP2 y Autodesk Design Review 2009, que permite a los atacante remotos sobrescribir arbitrariamente archivos a trav\u00e9s de secuencias \"..\\\" en el argumento to del m\u00e9todo SaveAs."}], "id": "CVE-2008-4471", "lastModified": "2024-11-21T00:51:45.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-10-07T20:00:17.390", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31989"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4361"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/496847/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31487"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2704"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45519"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/496847/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2704"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6630"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}