mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
127 lines
3.9 KiB
JSON
127 lines
3.9 KiB
JSON
{
|
|
"id": "CVE-2009-3577",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2009-11-24T17:30:00.327",
|
|
"lastModified": "2018-10-10T19:47:15.153",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to \"application callbacks.\""
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Autodesk 3D Studio Max (3DSMax) v6 hasta v9 y v2008 hasta v2010 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo .max con una sentencia MAXScript que llama al m\u00e9todo DOSCommand, relacionado con \"application callbacks.\"\r\n"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 9.3
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "48A6AC01-DD6A-47DC-A08F-CFF2B00E458A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "21F34A76-B1BD-45C7-9EFE-221F5E35985F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9120C1A0-A615-4835-833E-D292813A3362"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D53212F3-EB04-4AC2-8C18-9FE4C63FBB48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:2008:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "541F19B1-3E53-4558-BC21-6A14D7567DBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:2009:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CD0EF4E-539D-42CB-B9E7-86A0C8154294"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:autodesk:3ds_max:2010:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AA2F7BFB-ABB7-4ABA-BCBC-EC507C7C52CB"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://securitytracker.com/id?1023230",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/508012/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/36634",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
}
|
|
]
|
|
} |