CVE-2009-3576

2009-11-2417:30:00

CWE-94

[email protected]

web.nvd.nist.gov

autodesk

softimage

xsi

remote code execution

cve-2009-3576

nvd

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.

Affected configurations

NVD

Node

autodeskautodesk_softimageMatch7.0

autodeskautodesk_softimage_xsiMatch6.0

CPENameOperatorVersion
autodesk:autodesk_softimageautodesk autodesk softimageeq7.0
autodesk:autodesk_softimage_xsiautodesk autodesk softimage xsieq6.0