Vulnerability Description
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Daz3D | Daz Studio | 2.3.3.161 |
Related Weaknesses (CWE)
References
- http://www.coresecurity.com/content/dazstudio-scripting-injection (Exploit)
- http://www.securityfocus.com/archive/1/508192/100/0/threaded
- http://www.securityfocus.com/bid/37176 (Exploit)
FAQ
What is CVE-2009-4148?
CVE-2009-4148 is a vulnerability with a CVSS score of 9.3 (HIGH). DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the ...
How severe is CVE-2009-4148?
CVE-2009-4148 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-4148?
Check the references section above for vendor advisories and patch information. Affected products include: Daz3D Daz Studio.