CVE-2015-8571 - Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to exe

CVE-2015-8571

Summary

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

References

http://www.securityfocus.com/bid/79800
http://www.zerodayinitiative.com/advisories/ZDI-15-617
https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html

Vulnerable Configurations

cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 28-11-2016 - 19:48)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	79800
confirm	https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html
misc	http://www.zerodayinitiative.com/advisories/ZDI-15-617

Last major update

28-11-2016 - 19:48

Published

15-12-2015 - 21:59

Last modified

28-11-2016 - 19:48