Vulnerability Details : CVE-2015-8572
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2015-8572
- cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8572
- 78.48%: Probability of exploitation activity in the next 30 days
- ~98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8572
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2015-8572
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8572
- http://www.zerodayinitiative.com/advisories/ZDI-15-620
  ZDI-15-620 | Zero Day Initiative
- https://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html
  Autodesk Design Review 2013 Hotfix | Design Review 2013 | Autodesk Knowledge Network (Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-15-615
  ZDI-15-615 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-15-619
  ZDI-15-619 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-15-618
  ZDI-15-618 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-15-616
  ZDI-15-616 | Zero Day Initiative