Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3577

CWE-94: Code Injection
4 documents, 4 sources
Severity: 9.3 CRITICAL
EPSS: 4.0% (top 11.62%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Nov 24
Latest update: May 2

Description

Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: autodesk/3ds_max | 7 versions | +6

🔴 Vulnerability Details (2)

GHSA | 2022-05-02
GHSA-w5v3-f8xv-j94c: Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a

CVEList | 2009-11-24
CVE-2009-3577: Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a

💥 Exploits & PoCs (1)

Exploit-DB | 2009-10-23
Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution