CVE-2009-3576 – Autodesk SoftImage Scene TOC - Arbitrary Command Execution

https://notcve.org/view.php?id=CVE-2009-3576

24 Nov 2009 — Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. Autodesk Softimage v7.x y Softimage XSI v6.x permite a atacantes remotos ejecutar código JavaScript de su elección a través de un paquete de escena que contiene un archivo Tabla de Contenidos de Escena (como .scntoc) con un elemen... • https://www.exploit-db.com/exploits/10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •