Autodesk LiveUpdate ActiveX control ApplyPatch method vulnerability

Added: 10/06/2008
CVE: CVE-2008-4472
BID: 31490
OSVDB: 49047

Background

Autodesk is a suite of architectural design software products.

Problem

The ApplyPatch method in the LiveUpdate ActiveX control allows a web page to execute arbitrary files on the system. Remote command execution is possible by specifying an executable file placed on an SMB share.

Resolution

Set the kill bit for class ID 89EC7921-729B-4116-A819-DF86A4A5776B as described in Microsoft Knowledge Base Article 240797.
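
The following PowerShell is an added example, not part of the original advisory or any vendor's code, showing one way to set and verify the kill bit for this class ID. It assumes the standard kill-bit location described in KB 240797 (the "Compatibility Flags" DWORD with flag 0x400 under "ActiveX Compatibility"), an elevated 64-bit PowerShell session on 64-bit Windows, and the function name Set-KillBit is hypothetical.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the
# LiveUpdate ActiveX control. Run from an elevated PowerShell session.
$clsid     = '{89EC7921-729B-4116-A819-DF86A4A5776B}'  # class ID from this advisory
$killBit   = 0x400                                     # kill-bit flag (KB 240797)
$valueName = 'Compatibility Flags'

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer
# reads on 64-bit Windows (assumes this script runs as a 64-bit process).
$roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {   # hypothetical helper name
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any compatibility flags already present and OR in the kill bit.
    $current = (Get-ItemProperty -LiteralPath $key -Name $valueName `
                    -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $current) { $current = 0 }
    $new = [int]$current -bor $killBit
    New-ItemProperty -LiteralPath $key -Name $valueName -PropertyType DWord `
        -Value $new -Force | Out-Null

    # Read the value back so the result reflects what is actually stored.
    $stored = (Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $stored
        KillBitSet = (($stored -band $killBit) -ne 0)
    }
}

$roots | ForEach-Object { Set-KillBit -Root $_ -Clsid $clsid } |
    Format-Table -AutoSize
```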

References

http://www.securityfocus.com/archive/1/496847

Limitations

Exploit works on Autodesk Revit Architecture 2009 and requires a user to load the exploit page in Internet Explorer.

Immediately after running the exploit, download the file /exploit.exe from the exploit server, and save it on the SMB share you specified when you started the exploit. The SMB share must be accessible by the target user in order for the exploit to succeed.

Platforms

Windows
