Lucene search
RootSSV:14966HistoryNov 24, 2009 - 12:00 a.m.
Autodesk 3ds Max应用回调远程代码执行漏洞
2009-11-2400:00:00
Root
www.seebug.org
4
0.043 Low
EPSS
Percentile
91.4%
BUGTRAQ ID: 36634
CVE ID: CVE-2009-3577
Autodesk 3D Max是在视频游戏、电影、多媒体和web内容开发中广泛应用的建模和动画软件包。
Autodesk 3D Max提供了内嵌的脚本语言MaxScript。3D Max允许用户将MaxScript绑定到应用回调上,如果用户受骗打开了嵌入有MaxScript应用回调的.max文件,就会导致执行任意代码。
Autodesk 3DS Max 9
Autodesk 3DS Max 8
Autodesk 3DS Max 7
Autodesk 3DS Max 6
Autodesk 3DS Max 2010
Autodesk 3DS Max 2009
Autodesk 3DS Max 2008
临时解决方法:
-
通过以下步骤禁止自动加载嵌入的MaxScript:
. 找到Customize menu > Preferences > Preference Settings dialog > MAXScript
. 清除Load/Save Scene Scripts
. 清除Load/Save Persistent Globals
厂商补丁:
Autodesk
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://usa.autodesk.com/adsk/servlet/home?siteID=123112&id=129446
/-----
callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")")
id:#mbLoadCallback persistent:true
- -----/
Related
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0909
2009-11-23 00:00:00
cvelist
cvelist
CVE-2009-3577
2009-11-24 17:00:00
securityvulns
securityvulns
Autodesk 3DS Max code execution
2009-11-26 00:00:00
prion
prion
Authentication flaw
2009-11-24 17:30:00
cve
cve
CVE-2009-3577
2009-11-24 17:30:00
seebug
seebug
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
2009-11-23 00:00:00
exploitdb
exploitdb
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
2009-11-23 00:00:00
coresecurity
coresecurity
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
2009-11-23 00:00:00