Autodesk Design Review 2018 Hotfix 3

Autodesk Support

Jun 4, 2021

Thank you for downloading the Autodesk® Design Review 2018 Hotfix 3. We strongly recommend that you read this document in its entirety before applying the Hotfix to your product.

Affected Products

The issues addressed by this hotfix affect Autodesk Design Review 2018, Autodesk Design Review 2013, Autodesk Design Review 2012, and Autodesk Design Review 2011.

Issues Resolved by this Hotfix

This hotfix addresses the following security vulnerabilities:

  • Where the system can be forced to use an object that has already been freed while parsing PNG files. This vulnerability can be exploited can be exploited by remote attackers to obtain sensitive information.
  • Where a crafted PICT file can be used to read beyond the allocated buffer and execute malicious code while parsing PICT files.
  • Where a heap based buffer overflow could occur while parsing PICT files. This vulnerability can be exploited to execute arbitrary code.
  • Where memory corruption can occur when parsing a TIFF file, which can be exploited to execute arbitrary code.
  • Where a heap based buffer overflow could occur while parsing TIFF files. This vulnerability can be exploited to execute arbitrary code.
  • Where a maliciously crafted TIFF file can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
  • Where a maliciously crafted PDF file can be used to read beyond the allocated buffer while parsing PDF files. This vulnerability can be exploited to execute arbitrary code.
  • Where a maliciously crafted PDF file can be used to write beyond the allocated buffer while parsing PDF files. This vulnerability can be exploited to execute arbitrary code.
  • Where a maliciously crafted PDF file can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code.
  • Where a type confusion can occur when processing a PDF file. This vulnerability can be exploited to execute arbitrary code.
  • Where a maliciously crafted DWF can be used to attempt to free an object that has already been freed while parsing the DWF file. This vulnerability can be exploited to execute arbitrary code.
  • Where the system can be forced to read beyond the allocated buffer, while parsing DWF files. This vulnerability can be exploited by an attacker to obtain sensitive information.

Installation and Execution Instructions

For users of Autodesk Design Review 2018:

  1. Download ADR2018SP3.msp from this page.
  2. In Windows Explorer, right-click ADR2018SP3.msp and select Run as Administrator.

For users of Autodesk Design Review 2013 or earlier:

  1. Uninstall Autodesk Design Review.
  2. Download and install Autodesk Design Review 2018.
  3. Download ADR2018SP3.msp from this page.
  4. In Windows Explorer, right-click ADR2018SP3.msp and select Run as Administrator.

Installation Verification Instructions

  1. Navigate to the folder Autodesk Design Review has been installed to (C:\Program Files \x86\Autodesk\Autodesk Design Review by default).
  2. Right-click DesignReview.exe and select Properties.
  3. Inspect the Details tab.
  4. Verify that the version is 14.0.3.195.

Note: You can also view design files using the Autodesk Viewer with your web browser. The Autodesk Viewer can open 2D and 3D design files saved in more than 70 file formats.

ADR2018SP3.msp (msi - 70.3MB)

Was this information helpful?

Need help? Ask the Autodesk Assistant!

The Assistant can help you find answers or contact an agent.

Ask the Assistant

What level of support do you have?

Different subscription plans provide distinct categories of support. Find out the level of support for your plan.

View levels of support