Lucene search
RootSSV:14968HistoryNov 24, 2009 - 12:00 a.m.
Autodesk Maya脚本节点文件远程代码执行漏洞
2009-11-2400:00:00
Root
www.seebug.org
14
0.032 Low
EPSS
Percentile
91.2%
BUGTRAQ ID: 36636
CVE ID: CVE-2009-3578
Maya是一款高端的3D计算机图形和3D建模软件包。
Maya提供了被称为“脚本节点”的方式用于使用MEL(Maya的专有编程语言)和Python对动画行为进行编程。脚本节点保存为.mb和.ma文件格式。通过使用嵌入有脚本节点的特制文件,用户打开恶意的场景文件后就会无需任何干涉便可执行任意命令。
Autodesk Maya 8.5
Autodesk Maya 8.0
Autodesk Maya 2010
Autodesk Maya 2009
Autodesk Maya 2008
临时解决方法:
-
打开文件时禁止执行脚本节点:
. 选择File > Open Scene >
. 关闭Execute Script Nodes
. 点击Open
厂商补丁:
Autodesk
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://usa.autodesk.com/adsk/servlet/home?siteID=123112&id=129446
/-----
python("import os");
python("os.system('%SystemRoot%\\system32\\calc.exe')");
- -----/
Related
prion
prion
Command injection
2009-11-24 17:30:00
cve
cve
CVE-2009-3578
2009-11-24 17:30:00
coresecurity
coresecurity
Autodesk Maya Script Nodes Arbitrary Command Execution
2009-11-23 00:00:00
securityvulns
securityvulns
Autodesk Maya code execution
2009-11-26 00:00:00
CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution
2009-11-26 00:00:00
cvelist
cvelist
CVE-2009-3578
2009-11-24 17:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0910
2009-11-23 00:00:00
seebug
seebug
Autodesk Maya Script Nodes Arbitrary Command Execution
2009-11-23 00:00:00
exploitpack
exploitpack
Autodesk Maya Script - Nodes Arbitrary Command Execution
2009-11-23 00:00:00
nvd
nvd
CVE-2009-3578
2009-11-24 17:30:00
exploitdb
exploitdb
Autodesk Maya Script - Nodes Arbitrary Command Execution
2009-11-23 00:00:00