Vulnerability Description
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/16308
- https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.HTTP:MISC:MAPLE-M
- https://www.maplesoft.com/products/maple/
- https://www.vulncheck.com/advisories/maple-maplet-file-creation-command-executio
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/16308
FAQ
What is CVE-2010-20120?
CVE-2010-20120 is a documented vulnerability. Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that...
How severe is CVE-2010-20120?
CVSS scoring is not yet available for CVE-2010-20120. Check NVD for updates.
Is there a patch for CVE-2010-20120?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.