CVSS: 9.3EPSS: 3%CPEs: 7EXPL: 3CVE-2009-3577 – Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2009-3577
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." Autodesk 3D Studio Max (3DSMax) v6 hasta v9 y v2008 hasta v2010 permite a atacantes remotos ejecutar código de su elección a través de un archivo .max con una sentencia MAXScript que llama al método DOSCommand, relacionado con "application callbacks." • https://www.exploit-db.com/exploits/33272 http://securitytracker.com/id?1023230 http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution http://www.securityfocus.com/archive/1/508012/100/0/threaded http://www.securityfocus.com/bid/36634 • CWE-94: Improper Control of Generation of Code ('Code Injection') •