A vulnerability was found in Autodesk Design Review 2011 11.0.0.86 (Feedback Software) and classified as critical. This issue affects an unknown code block in the library dwmapi.dll. The manipulation with an unknown input leads to a local privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Multiple untrusted search path vulnerabilities in Autodesk Design Review 2011 11.0.0.86 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll, (2) whiptk_wt.7.12.601.dll, or (3) xaml_wt.7.6.0.dll file in the current working directory, as demonstrated by a directory that contains a .dwf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

The weakness was presented 09/07/2012 (Website). It is possible to read the advisory at secunia.com. The identification of this vulnerability is CVE-2010-5226 since 09/07/2012. Attacking locally is a requirement. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1574 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Feedback Software

Vendor

• Autodesk

Name

• Design Review 2011

Version

• 11.0.0.86

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion