Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2009-3850

Опубликовано: 06 нояб. 2009
Источник: debian

Описание

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
blenderunfixedpackage

Примечания

  • attack vector is social engineering to get the user to open

  • a malicious .blend file. by design, blend files support

  • all python operations, so ultimately any code can be executed

Связанные уязвимости

ubuntu логотип

CVE-2009-3850

ubuntu
больше 16 лет назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

nvd логотип

CVE-2009-3850

nvd
больше 16 лет назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

github логотип

GHSA-cfxm-x8mw-xvmf

github
почти 4 года назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.