Vulnerability Description
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Alias Wavefront Maya | 6.5 |
| Autodesk | Autodesk Maya | 8.0 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1023228
- http://www.coresecurity.com/content/maya-arbitrary-command-execution
- http://www.securityfocus.com/archive/1/508013/100/0/threaded
- http://www.securityfocus.com/bid/36636
- http://securitytracker.com/id?1023228
- http://www.coresecurity.com/content/maya-arbitrary-command-execution
- http://www.securityfocus.com/archive/1/508013/100/0/threaded
- http://www.securityfocus.com/bid/36636
FAQ
What is CVE-2009-3578?
CVE-2009-3578 is a vulnerability with a CVSS score of 9.3 (HIGH). Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (M...
How severe is CVE-2009-3578?
CVE-2009-3578 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3578?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Alias Wavefront Maya, Autodesk Autodesk Maya.