Vulnerability Details CVE-2009-3578
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://securitytracker.com/id?1023228
- http://www.coresecurity.com/content/maya-arbitrary-command-execution
- http://www.securityfocus.com/archive/1/508013/100/0/threaded
- http://www.securityfocus.com/bid/36636
- http://securitytracker.com/id?1023228
- http://www.coresecurity.com/content/maya-arbitrary-command-execution
- http://www.securityfocus.com/archive/1/508013/100/0/threaded
- http://www.securityfocus.com/bid/36636
Products affected by CVE-2009-3578
-
cpe:2.3:a:autodesk:alias_wavefront_maya:6.5
-
cpe:2.3:a:autodesk:alias_wavefront_maya:7.0
-
cpe:2.3:a:autodesk:autodesk_maya:8.0
-
cpe:2.3:a:autodesk:autodesk_maya:8.5