CVE-2009-3576
Published 2009-11-24
Priority P348 · critical · 9.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.16% (86.4th percentile)
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| autodesk | autodesk_softimage | — | — |
| autodesk | autodesk_softimage_xsi | — | — |
No detection rules found.
Exploit-DB
Autodesk SoftImage Scene TOC - Arbitrary Command Execution
exploitdb·2009-11-23·CVSS 9.3
---
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Autodesk SoftImage Scene TOC Arbitrary Command Execution
1. *Advisory Information*
Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution
Advisory Id: CORE-2009-0908
Advisory URL: http://www.coresecurity.com/content/softimage-arbitrary-command-execution
Date published: 2009-11-23
Date of last update: 2009-11-20
Vendors contacted: Autodesk
Release mode: User release
2. *Vulnerability Information*
Class: Failure to Sanitize Data into a Different Plane [CWE-74]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 36637
CVE Name: CVE-2009-3576
3. *Vul
Exploit-DB
Autodesk SoftImage 7.0 Scene - '.TOC' File Remote Code Execution
exploitdb·2009-11-23
---
source: https://www.securityfocus.com/bid/36637/info
Autodesk Softimage is prone to a remote code-execution vulnerability.
Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
JScript
No writeups or analysis indexed.
References
http://securitytracker.com/id?1023229
http://www.coresecurity.com/content/softimage-arbitrary-command-execution
http://www.securityfocus.com/archive/1/508011/100/0/threaded
http://www.securityfocus.com/bid/36637