Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:STC:ACTIVEX:ADESK-AX

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Autodesk LiveUpdate16.DLL Unsafe ActiveX Control

Release Date

 2010/08/27

Update Number

 1761

Supported Platforms

 idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Autodesk LiveUpdate16.DLL Unsafe ActiveX Control


This signature detects attempts to use unsafe ActiveX controls in Autodesk. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The Autodesk LiveUpdate Module 'LiveUpdate16.DLL' ActiveX control is prone to a vulnerability that lets attackers execute arbitrary local programs. Successfully exploiting this issue allows remote attackers to execute arbitrary local programs in the context of the application using the ActiveX control (typically Internet Explorer). 'LiveUpdate61.DLL' 17.2.56 is vulnerable; other versions may also be affected.

Affected Products

  • Autodesk autocad_2004
  • Autodesk autocad_2005
  • Autodesk autocad_2006
  • Autodesk autocad_2007
  • Autodesk autocad_2008
  • Autodesk autocad_2009
  • Autodesk autocad_architecture_2008
  • Autodesk autocad_architecture_2009
  • Autodesk autocad_civil_2009
  • Autodesk autocad_civil_3d_2008
  • Autodesk autocad_civil_3d_2009
  • Autodesk autocad_civil_3d_land_desktop_companion_2008
  • Autodesk autocad_civil_3d_land_desktop_companion_2009
  • Autodesk autocad_electrical_2004
  • Autodesk autocad_electrical_2005
  • Autodesk autocad_electrical_2006
  • Autodesk autocad_electrical_2007
  • Autodesk autocad_electrical_2008
  • Autodesk autocad_electrical_2009
  • Autodesk autocad_land_desktop_2008
  • Autodesk autocad_land_desktop_2009
  • Autodesk autocad_land_desktop_companion_2008
  • Autodesk autocad_lt_2004
  • Autodesk autocad_lt_2005
  • Autodesk autocad_lt_2006
  • Autodesk autocad_lt_2007
  • Autodesk autocad_lt_2008
  • Autodesk autocad_lt_2009
  • Autodesk autocad_map_3d_2008
  • Autodesk autocad_map_3d_2009
  • Autodesk autocad_mechanical_2004
  • Autodesk autocad_mechanical_2004_dx
  • Autodesk autocad_mechanical_2005
  • Autodesk autocad_mechanical_2006
  • Autodesk autocad_mechanical_2007
  • Autodesk autocad_mechanical_2008
  • Autodesk autocad_mechanical_2009
  • Autodesk autocad_mep_2008
  • Autodesk autocad_mep_2009
  • Autodesk autocad_oem_2008
  • Autodesk autocad_p&id_2008
  • Autodesk autocad_p&id_2009
  • Autodesk autocad_raster_design_2008
  • Autodesk autocad_raster_design_2009
  • Autodesk autocad_revit_architecture_suite_2008
  • Autodesk autocad_revit_architecture_suite_2009
  • Autodesk autocad_revit_mep_suite_2008
  • Autodesk autocad_revit_mep_suite_2009
  • Autodesk autocad_revit_structure_suite_2008
  • Autodesk autocad_revit_structure_suite_2009
  • Autodesk autocad_structural_detailing_2009
  • Autodesk autocad_survey_2009
  • Autodesk design_review_2009
  • Autodesk revit_architecture_2009

References

  • BugTraq: 31490
  • CVE: CVE-2008-4472
  • URL: http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=12452198&linkID=11705366

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out