Vulnerability Description
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Autodesk Softimage | 7.0 |
| Autodesk | Autodesk Softimage XSI | 6.0 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1023229
- http://www.coresecurity.com/content/softimage-arbitrary-command-execution (Exploit)
- http://www.securityfocus.com/archive/1/508011/100/0/threaded
- http://www.securityfocus.com/bid/36637
FAQ
What is CVE-2009-3576?
CVE-2009-3576 is a vulnerability with a CVSS score of 9.3 (HIGH). Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Conte...
How severe is CVE-2009-3576?
CVE-2009-3576 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3576?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Softimage and Autodesk Softimage XSI.