Exploiting a specially crafted '.blend' file

vendor:

N/A

by:

Core Security Technologies

7.5

CVSS

HIGH

Arbitrary Code Execution

N/A

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Exploiting a specially crafted ‘.blend’ file

An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.blend' file. The following proof of concept demonstrates this issue: Open the 'Text Editor' Panel, right click on the canvas and select 'New', write python code, input a name for the script, open the 'Buttons Window' panel, from the 'panel' dropdown choose 'Script', check that 'enable script links' is active, click on 'new', select the script, choose 'OnLoad' from the event dropdown list, and save the project.

Mitigation:

N/A

Source

Exploit-DB raw data:

An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.blend' file. 

The following proof of concept demonstrates this issue: 

. Open the "Text Editor" Panel.
. Right click on the canvas and select "New".
. Write your python code there. For instance:

/-----
import os
os.system("calc.exe")
-----/

. In the text name field (TX:Text.001) input a name for your
script, e.g.: TX:myscript.
. Open the "Buttons Window" panel.
. From the "panel" dropdown choose "Script".
. Check that "enable script links" is active.
. Click on "new".
. Select the script you created (e.g. myscript).
. Choose "OnLoad" from the event dropdown list.
. In the "User Preferences" panel, select File-&gt;Save, and save your project.


NOTE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.