Secunia is reporting a vulnerability with Autodesk’s Design Review DWF Viewer which can lead to a compromised PC.
The vulnerability stems from a flaw in the ActiveX control including the insecure “SaveAs()” method. If exploited, arbitrary files on the compromised computer can be overwritten.
This vulnerability was originally discovered by “bruiser” from Nine Situations Group and outlined here. Bruiser tested the vulnerability using Internet Explorer 6 along with Revit Architecture 2009 SP2 and Autodesk Design Review 2009.
DWF is a very popular file format for quickly and easily sending drawing files through email, among other things. Many CAD users prefer DWF because of its vector based capabilities, small file size and the ability for people to view drawing files without having AutoCad installed. I previously posted on the benefits of DWF for CAD users.