Computer Security
[EN] no-pyccku

Autodesk SoftImage code execution
SecurityVulns ID:10421
Threat Level:
Description:It's possible to embed commands into .scntoc files.
Affected:AUTODESK : SoftImage 7.5
CVE:CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution (26.11.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod