← back
CVE-2009-3576

CVE-2009-3576

EPSS 3.2%
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/10211unverifiedexploitdbwww.exploit-db.com/exploits/33273unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securitytracker.com/id?1023229http://www.coresecurity.com/content/softimage-arbitrary-command-executionhttp://www.securityfocus.com/archive/1/508011/100/0/threadedhttp://www.securityfocus.com/bid/36637