Vulnerability Details CVE-2007-1253
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/33836
- http://secunia.com/advisories/24232
- http://secunia.com/advisories/24233
- http://secunia.com/advisories/24991
- http://secunia.com/secunia_research/2007-39/advisory/
- http://secunia.com/secunia_research/2007-40/advisory/
- http://security.gentoo.org/glsa/glsa-200704-19.xml
- http://www.securityfocus.com/bid/22770
- http://www.securitytracker.com/id?1017714
- http://www.vupen.com/english/advisories/2007/0798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32778
- http://osvdb.org/33836
- http://secunia.com/advisories/24232
- http://secunia.com/advisories/24233
- http://secunia.com/advisories/24991
- http://secunia.com/secunia_research/2007-39/advisory/
- http://secunia.com/secunia_research/2007-40/advisory/
- http://security.gentoo.org/glsa/glsa-200704-19.xml
- http://www.securityfocus.com/bid/22770
- http://www.securitytracker.com/id?1017714
- http://www.vupen.com/english/advisories/2007/0798
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32778
Products affected by CVE-2007-1253
-
cpe:2.3:a:blender:blender:2.25
-
cpe:2.3:a:blender:blender:2.26
-
cpe:2.3:a:blender:blender:2.27
-
cpe:2.3:a:blender:blender:2.28
-
cpe:2.3:a:blender:blender:2.30
-
cpe:2.3:a:blender:blender:2.31
-
cpe:2.3:a:blender:blender:2.32
-
cpe:2.3:a:blender:blender:2.33
-
cpe:2.3:a:blender:blender:2.34
-
cpe:2.3:a:blender:blender:2.35
-
cpe:2.3:a:blender:blender:2.36
-
cpe:2.3:a:blender:blender:2.37
-
cpe:2.3:a:blender:blender:2.37a
-
cpe:2.3:a:blender:blender:2.40
-
cpe:2.3:a:blender:blender:2.41
-
cpe:2.3:a:blender:blender:2.42