Arbitrary Command Execution in Autodesk 3D Studio Max
CVE-2009-3577

Currently unrated

Key Information:

Vendor

Autodesk
Status
3ds Max
Vendor
CVE Published:
24 November 2009

What is CVE-2009-3577?

A vulnerability exists in Autodesk 3D Studio Max versions 6 to 9 and 2008 to 2010 that allows remote attackers to execute arbitrary code. This can occur through a specially crafted .max file that leverages MAXScript statements to invoke the DOSCommand method. This flaw pertains to how the application handles callbacks, which can be exploited by attackers to perform unauthorized actions on the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/508012/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://securitytracker.com/id?1023230
vdb-entryx_refsource_SECTRACK
http://www.coresecurity.com/content/3dsmax-arbitrary-comm...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.