Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3577

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-3577
Last Modified 12 Dec 2011 12:00:00
Published 24 Nov 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3577

Summary

Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."

Vulnerable Systems

Application

  • Autodesk 3ds Max 2008

  • Autodesk 3ds Max 2009

  • Autodesk 3ds Max 2010

  • Autodesk 3ds Max 6

  • Autodesk 3ds Max 7

  • Autodesk 3ds Max 8

  • Autodesk 3ds Max 9


References

BID - 36634

BUGTRAQ - 20091123 CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution

MISC - http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution

SECTRACK - 1023230


Last Updated: 27 May 2016 10:57:51