Lucene search

K

[email protected]NVD:CVE-2009-3578

HistoryNov 24, 2009 - 5:30 p.m.

CVE-2009-3578

2009-11-2417:30:00

CWE-94

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to “Script Nodes.”

Affected configurations

NVD

Node

autodeskalias_wavefront_mayaMatch6.5

OR

autodeskalias_wavefront_mayaMatch7.0

OR

autodeskautodesk_mayaMatch8.02008

OR

autodeskautodesk_mayaMatch8.02009

OR

autodeskautodesk_mayaMatch8.02010

OR

autodeskautodesk_mayaMatch8.52008

OR

autodeskautodesk_mayaMatch8.52009

OR

autodeskautodesk_mayaMatch8.52010

References

securitytracker.com/id?1023228

www.coresecurity.com/content/maya-arbitrary-command-execution

www.securityfocus.com/archive/1/508013/100/0/threaded

www.securityfocus.com/bid/36636

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

Related for NVD:CVE-2009-3578

seebug2 prion1 exploitpack1 packetstorm1 cve1 coresecurity1 securityvulns2 cvelist1 exploitdb1