header-logo
Suggest Exploit
vendor:
3ds Max
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary Command Execution
78
CWE
Product Name: 3ds Max
Affected Version From: 3ds Max 6
Affected Version To: 3ds Max 2010
Patch Exists: YES
Related CWE: N/A
CPE: autodesk:3ds_max
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Autodesk 3ds Max Arbitrary Command Execution Vulnerability

Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects 3ds Max 6 through 9 and 3ds Max 2008 through 2010. A proof-of-concept code is available which uses the callbacks.addScript #filePostOpen command to execute the 'calc.exe' command.

Mitigation:

Users should apply the latest available updates from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36634/info

Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.

This issue affects the following:

3ds Max 6 through 9
3ds Max 2008 through 2010

Other versions may also be vulnerable. 

The following proof-of-concept code is available:

callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")") id:#mbLoadCallback persistent:true

Navigation

Suggest Exploit

Services By CQR