CVE-2009-3578

Description

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."

Affected products

• autodesk / alias_wavefront_maya6.5 – 6.5
• autodesk / alias_wavefront_maya7.0 – 7.0
• autodesk / autodesk_maya8.0 – 8.0
• autodesk / autodesk_maya8.0 – 8.0
• autodesk / autodesk_maya8.0 – 8.0
• autodesk / autodesk_maya8.5 – 8.5
• autodesk / autodesk_maya8.5 – 8.5
• autodesk / autodesk_maya8.5 – 8.5

References

• MISChttp://www.securityfocus.com/bid/36636
• MISChttp://www.coresecurity.com/content/maya-arbitrary-command-execution
• MISChttp://securitytracker.com/id?1023228
• MISChttp://www.securityfocus.com/archive/1/508013/100/0/threaded