Arbitrary Command Execution in Autodesk 3D Studio Max
CVE-2009-3577

Currently unrated

Key Information:

Vendor: Autodesk
Status: 3ds Max
Vendor: CVE Published:; 24 November 2009

Summary

A vulnerability exists in Autodesk 3D Studio Max versions 6 to 9 and 2008 to 2010 that allows remote attackers to execute arbitrary code. This can occur through a specially crafted .max file that leverages MAXScript statements to invoke the DOSCommand method. This flaw pertains to how the application handles callbacks, which can be exploited by attackers to perform unauthorized actions on the system.

References

http://www.securityfocus.com/archive/1/508012/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1023230

vdb-entryx_refsource_SECTRACK

http://www.coresecurity.com/content/3dsmax-arbitrary-comm...

x_refsource_MISC

Timeline

Vulnerability published
Nov 24, 2009
Vulnerability Reserved
Oct 7, 2009