1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: AutoDesk IDrop ActiveX Heap Corruption

Web Attack: AutoDesk IDrop ActiveX Heap Corruption

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature will detect attempts to exploit a Heap Memory Corruption Vulnerability in Autodesk IDrop ActiveX Control.

Additional Information

Autodesk IDrop ActiveX control gives users the ability to drag-n-drop content from the web straight into their drawing session.

The application is prone to multiple heap memory-corruption vulnerabilities. These issues affect the 'Src', 'Background', and 'PackageXml' properties of the 'IDrop.ocx' ActiveX control identified by CLSID:


An attacker can exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Autodesk IDrop ActiveX control is vulnerable; other versions may also be affected.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube