Lucene search

[email protected]CVE-2015-8572

HistoryOct 03, 2022 - 4:16 p.m.

CVE-2015-8572

2022-10-0316:16:01

CWE-119

[email protected]

web.nvd.nist.gov

cve

2015

8572

buffer overflows

autodesk design review

adr

remote attackers

arbitrary code

rle data

bmp

fli

pcx file

gif file

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.7%

JSON

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

Affected configurations

NVD

Node

autodeskdesign_reviewMatch2013

CPENameOperatorVersion
autodesk:design_reviewautodesk design revieweq2013

CPE	Name	Operator	Version
autodesk:design_review	autodesk design review	eq	2013

References

www.zerodayinitiative.com/advisories/ZDI-15-615

www.zerodayinitiative.com/advisories/ZDI-15-616

www.zerodayinitiative.com/advisories/ZDI-15-618

www.zerodayinitiative.com/advisories/ZDI-15-619

www.zerodayinitiative.com/advisories/ZDI-15-620

knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.063 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2015-8572

nvd1 zdi5 prion1 cvelist1 checkpoint_advisories1 kaspersky1 nessus1