Vulnerability Description
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | 3Ds Max | 6 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1023230
- http://www.coresecurity.com/content/3dsmax-arbitrary-command-executionExploit
- http://www.securityfocus.com/archive/1/508012/100/0/threaded
- http://www.securityfocus.com/bid/36634Exploit
- http://securitytracker.com/id?1023230
- http://www.coresecurity.com/content/3dsmax-arbitrary-command-executionExploit
- http://www.securityfocus.com/archive/1/508012/100/0/threaded
- http://www.securityfocus.com/bid/36634Exploit
FAQ
What is CVE-2009-3577?
CVE-2009-3577 is a vulnerability with a CVSS score of 9.3 (HIGH). Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related...
How severe is CVE-2009-3577?
CVE-2009-3577 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3577?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk 3Ds Max.