Arbitrary Code Execution in Autodesk Maya by Remote Attackers
CVE-2009-3578

Currently unrated

Key Information:

Vendor: Autodesk
Status: Autodesk Maya; Alias Wavefront Maya
Vendor: CVE Published:; 24 November 2009

Summary

Autodesk Maya versions 8.0 through 2010 and Alias Wavefront Maya 6.5 and 7.0 are susceptible to vulnerabilities that enable remote attackers to execute arbitrary code. This can occur through specially crafted .ma or .mb files that exploit the Maya Embedded Language (MEL) commands. Attackers can manipulate Script Nodes, leading to the execution of potentially harmful commands, thereby compromising the integrity and security of the affected systems.

References

http://www.securityfocus.com/bid/36636

vdb-entryx_refsource_BID

http://www.coresecurity.com/content/maya-arbitrary-comman...

x_refsource_MISC

http://securitytracker.com/id?1023228

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 24, 2009
Vulnerability Reserved
Oct 7, 2009