Secunia is reporting a vulnerability in Autodesk’s Design Review DWF Viewer that can lead to a compromised PC.
The vulnerability stems from a flaw in the viewer's ActiveX control, which includes the insecure “SaveAs()” method. If exploited, arbitrary files on the compromised computer can be overwritten.
This vulnerability was originally discovered by “bruiser” from Nine Situations Group and outlined here. Bruiser tested the vulnerability using Internet Explorer 6 along with Revit Architecture 2009 SP2 and Autodesk Design Review 2009.
DWF is a very popular file format for quickly and easily sending drawing files through email, among other things. Many CAD users prefer DWF because of its vector-based capabilities, small file size and the ability for people to view drawing files without having AutoCAD installed. I previously posted on the benefits of DWF for CAD users.
The Autodesk Design Review team is aware of the problem and we are working towards a resolution.
I will post an announcement on http://www.dwf.blogs.com once we have made a solution available to our customers.
Thank you,
Volker
Thanks, Joseph. We will keep our eyes open for that DWF Viewer announcement.