CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4148

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.2%

CVSS Severity

CVSS v2 Score 9.3

References

http://www.coresecurity.com/content/dazstudio-scripting-injection
http://www.securityfocus.com/archive/1/508192/100/0/threaded
http://www.securityfocus.com/bid/37176
http://www.coresecurity.com/content/dazstudio-scripting-injection
http://www.securityfocus.com/archive/1/508192/100/0/threaded
http://www.securityfocus.com/bid/37176

Products affected by CVE-2009-4148

Daz3d » Daz Studio » Version: 2.3.3.161

cpe:2.3:a:daz3d:daz_studio:2.3.3.161
Daz3d » Daz Studio » Version: 2.3.3.163

cpe:2.3:a:daz3d:daz_studio:2.3.3.163
Daz3d » Daz Studio » Version: 3.0.1.135

cpe:2.3:a:daz3d:daz_studio:3.0.1.135

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4148

Products

Pricing

Contact Us