Tuesday, September 30th, 2008...12:21 pm...by:
Autodesk Design Review DWF Viewer Vulnerability
Secunia is reporting a vulnerability with Autodesk’s Design Review DWF Viewer which can lead to a compromised PC.
The vulnerability stems from a flaw in the ActiveX control including the insecure “SaveAs()” method. If exploited, arbitrary files on the compromised computer can be overwritten.
This vulnerability was originally discovered by “bruiser” from Nine Situations Group and outlined here. Bruiser tested the vulnerability using Internet Explorer 6 along with Revit Architecture 2009 SP2 and Autodesk Design Review 2009.
DWF is a very popular file format for quickly and easily sending drawing files through email, among other things. Many CAD users prefer DWF because of its vector based capabilities, small file size and the ability for people to view drawing files without having AutoCad installed. I previously posted on the benefits of DWF for CAD users.
- Autodesk Announces DWF Viewer 7 is Available Autodesk has announced the released of DWF Viewer 7. This...
- Autodesk DWF Viewer 7.0 Issues Ok...so you have installed the new DWF Viewer 7.0 on...
- Autodesk Downloads Autocad 2006 Trial Version FREE This is a full version...
- DWG TrueView: DWF in Black & White We make liberal use of DWF when corresponding with our...
- New Autodesk Product Coming Soon It is codenamed "Vespa" (yeah...like the scooter :)). It allows...
2 Comments
October 14th, 2008 at 2:17 pm
The Autodesk Design Review team is aware of the problem and we are working towards a resolution.
I will post an announcement on http://www.dwf.blogs.com once we have made a solution available to our customers.
Thank you,
Volker
October 14th, 2008 at 5:03 pm
Thanks, Joseph. We will keep our eyes open for that DWF Viewer announcement.
Leave a Reply