| Name | Description |
| --- | --- |
| CVE-2016-9307 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. |
| CVE-2016-9306 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. |
| CVE-2016-9305 | Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. |
| CVE-2016-9304 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. |
| CVE-2016-9303 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. |
| CVE-2016-2344 | Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. |
| CVE-2015-8572 | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. |
| CVE-2015-8571 | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. |
| CVE-2014-9268 | The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. |
| CVE-2014-3939 | Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. |
| CVE-2014-3938 | Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. |
| CVE-2014-2967 | Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. |
| CVE-2014-0819 | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| CVE-2014-0818 | Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path. |
| CVE-2013-5365 | Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file. |
| CVE-2013-3665 | Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. |
| CVE-2010-5241 | Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-5226 | Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-3578 | Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes." |
| CVE-2009-3577 | Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." |
| CVE-2009-3576 | Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. |
| CVE-2008-4472 | The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. |
| CVE-2008-4471 | Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. |
| CVE-2007-4749 | The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. |
| CVE-2005-4710 | Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329. |