Update Protection against Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution Vulnerability
| Check Point Reference: | CPAI-2008-164 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA31989 | |
| Industry Reference(s): | CVE-2008-4471 CVE-2008-4472 |
|
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Autodesk Revit Architecture 2009 | ||
| Vulnerability Description A code execution vulnerability has been reported in Autodesk LiveUpdate ActiveX control within multiple products. Autodesk provides several software products for professional designing of buildings and other infrastructure. By convincing a user to visit a specially crafted Web page, a remote attacker may trigger this vulnerability to execute arbitrary code on an affected system. |
||
|
Vulnerability Details The vulnerability is due to an error in the Autodesk LiveUpdate ActiveX control when handling parameters passed to the ApplyPatch and SaveAS methods. To trigger this issue, an attacker may create a malicious web page that will exploit this vulnerability. Successful exploitation would allow execution of arbitrary code on a vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable ActiveX control. Depending on the traffic mix, activating this protection may result in performance degradation.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.