CVE-2009-3850
Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
Blender v2.34, v2.35a, v2.40, y v2.49b permite a atacantes remotos ejecutar código de su elección mediante un fichero .blend que contenga sentencias Python en la acción onLoad de un ScriptLink SDNA.
Multiple vulnerabilities have been found in Blender, the worst of which could allow attackers to execute arbitrary code. Versions less than 2.49b-r2 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-11-02 CVE Reserved
- 2009-11-05 First Exploit
- 2009-11-06 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/507706/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/36838 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9843 | 2009-11-05 | |
| http://www.coresecurity.com/content/blender-scripting-injection | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.34 Search vendor "Blender" for product "Blender" and version "2.34" | - |
Affected
| ||||||
| Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.35a Search vendor "Blender" for product "Blender" and version "2.35a" | - |
Affected
| ||||||
| Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.40 Search vendor "Blender" for product "Blender" and version "2.40" | - |
Affected
| ||||||
| Blender Search vendor "Blender" | Blender Search vendor "Blender" for product "Blender" | 2.49b Search vendor "Blender" for product "Blender" and version "2.49b" | - |
Affected
| ||||||