QID 375926

Date Published: 2021-10-05

QID 375926: Autodesk Design Review Multiple Vulnerabilities (ADSK-SA-2021-0003)

Design Review CAD viewer software lets you view, mark up, print and track changes to 2D and 3D files for free without the original design software.

CVE-2021-27033 - A double free vulnerability in the handling of PDF files allows remote attackers to execute arbitrary code within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability: the target must visit a malicious page or open a malicious file.
CVE-2021-27034 - A heap-based buffer overflow can occur while parsing PICT or TIFF files. This vulnerability can be exploited to execute arbitrary code.
CVE-2021-27035 - A maliciously crafted TIFF, PDF, PICT or DWF file can force a read beyond allocated boundaries while the file is parsed. This vulnerability can be exploited to execute arbitrary code.
CVE-2021-27036 - A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while the file is parsed. This vulnerability can be exploited to execute arbitrary code.
CVE-2021-27037 - A maliciously crafted PNG, PDF or DWF file can cause an object that has already been freed to be freed again while the file is parsed. This vulnerability can be exploited by remote attackers to execute arbitrary code.
CVE-2021-27038 - A type confusion vulnerability can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code.
CVE-2021-27039 - A maliciously crafted TIFF file can force reads and writes beyond allocated boundaries while the file is parsed. This vulnerability can be exploited to execute arbitrary code.

Affected versions:
Autodesk Design Review versions 2018, 2017, 2013, 2012, 2011

QID Detection Logic (Authenticated):
The check reads the file version of DesignReview.exe to determine whether a vulnerable version of Autodesk Design Review is installed.
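An authenticated version check in the spirit of this QID's detection logic, as an added example (not Qualys' or Autodesk's own code). The registry display name, the default install folders and the fixed-version threshold are assumptions or placeholders, since the advisory does not state the file version of the 2018 Hotfix 3 build:

```powershell
# Added example (not Qualys' or Autodesk's code): an authenticated check that mirrors the
# QID detection logic by reading the file version of DesignReview.exe.
# ASSUMPTION: $FixedVersion is a PLACEHOLDER; replace it with the DesignReview.exe file
# version shipped in Design Review 2018 Hotfix 3 before relying on the result.
$FixedVersion = [System.Version]'0.0.0.0'   # PLACEHOLDER threshold

function Get-DesignReviewExePaths {
    # Locate installs via the Uninstall registry keys (64- and 32-bit views), then fall
    # back to default install folders. Display name and folders are assumed, not taken
    # from the advisory.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $paths = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Autodesk Design Review*' -and $_.InstallLocation } |
        ForEach-Object { Join-Path $_.InstallLocation 'DesignReview.exe' }
    $paths += @(
        "$env:ProgramFiles\Autodesk\Autodesk Design Review 2018\DesignReview.exe",
        "${env:ProgramFiles(x86)}\Autodesk\Autodesk Design Review 2018\DesignReview.exe"
    )
    $paths | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique
}

function Test-DesignReviewVulnerable {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Version]$Fixed
    )
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts: FileVersion strings may carry extra text,
    # and comparing version strings lexically would rank 13.0.0.9 above 13.0.0.82.
    $installed = [System.Version]::new($info.FileMajorPart, $info.FileMinorPart,
                                       $info.FileBuildPart, $info.FilePrivatePart)
    [pscustomobject]@{
        Path       = $Path
        Installed  = $installed
        Fixed      = $Fixed
        Vulnerable = ($installed -lt $Fixed)   # numeric comparison of all four parts
    }
}

$found = @(Get-DesignReviewExePaths)
if (-not $found) { Write-Output 'DesignReview.exe not found; host not affected by QID 375926.' }
foreach ($p in $found) { Test-DesignReviewVulnerable -Path $p -Fixed $FixedVersion }
```

Any install whose DesignReview.exe version is below the threshold is reported as vulnerable, which covers the 2011 through 2017 releases as well as unpatched 2018.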

Successful exploitation of these vulnerabilities can lead to arbitrary code execution.

  • CVSS V3: 7.8 (rated High)
  • CVSS V2: 6.8 (rated High)
  • Solution
    Customers are advised to upgrade to Autodesk Design Review 2018 Hotfix 3 to remediate these vulnerabilities.
  • Software Advisories
    Advisory ID: ADSK-SA-2021-0003
    Link: www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003