CVE-2009-3850

Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Blender v2.34, v2.35a, v2.40, y v2.49b permite a atacantes remotos ejecutar código de su elección mediante un fichero .blend que contenga sentencias Python en la acción onLoad de un ScriptLink SDNA.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-11-02 CVE Reserved
2009-11-05 CVE Published
2009-11-05 First Exploit
2024-02-09 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/archive/1/507706/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/36838	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/9843	2009-11-05
http://www.coresecurity.com/content/blender-scripting-injection	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Blender Search vendor "Blender"		Blender Search vendor "Blender" for product "Blender"				2.34 Search vendor "Blender" for product "Blender" and version "2.34"		-		Affected
Blender Search vendor "Blender"		Blender Search vendor "Blender" for product "Blender"				2.35a Search vendor "Blender" for product "Blender" and version "2.35a"		-		Affected
Blender Search vendor "Blender"		Blender Search vendor "Blender" for product "Blender"				2.40 Search vendor "Blender" for product "Blender" and version "2.40"		-		Affected
Blender Search vendor "Blender"		Blender Search vendor "Blender" for product "Blender"				2.49b Search vendor "Blender" for product "Blender" and version "2.49b"		-		Affected