CVE-2009-3578

EUVD-2009-3559
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
autodeskalias_wavefront_maya
6.5
autodeskalias_wavefront_maya
7.0
autodeskautodesk_maya
8.0:2008
autodeskautodesk_maya
8.0:2009
autodeskautodesk_maya
8.0:2010
autodeskautodesk_maya
8.5:2008
autodeskautodesk_maya
8.5:2009
autodeskautodesk_maya
8.5:2010
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securitytracker.com/id?1023228
http://www.coresecurity.com/content/maya-arbitrary-command-execution
http://www.securityfocus.com/archive/1/508013/100/0/threaded
http://www.securityfocus.com/bid/36636
http://securitytracker.com/id?1023228
http://www.coresecurity.com/content/maya-arbitrary-command-execution
http://www.securityfocus.com/archive/1/508013/100/0/threaded
http://www.securityfocus.com/bid/36636