CVE-2009-4148

2009-12-0419:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-4148

daz studio

script injection

remote code execution

security vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a “script injection vulnerability.”

CPENameOperatorVersion
daz3d:daz_studiodaz3d daz studioeq2.3.3.161
daz3d:daz_studiodaz3d daz studioeq3.0.1.135
daz3d:daz_studiodaz3d daz studioeq2.3.3.163