CVE-2009-3577 – Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution

https://notcve.org/view.php?id=CVE-2009-3577

24 Nov 2009 — Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." Autodesk 3D Studio Max (3DSMax) v6 hasta v9 y v2008 hasta v2010 permite a atacantes remotos ejecutar código de su elección a través de un archivo .max con una sentencia MAXScript que llama al método DOSCommand, relacionado con "application callbacks." • https://www.exploit-db.com/exploits/33272 • CWE-94: Improper Control of Generation of Code ('Code Injection') •