CVE-2009-3850

Опубликовано: 06 нояб. 2009

Источник: debian

EPSS Низкий

Описание

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
blender	unfixed			package

Примечания

attack vector is social engineering to get the user to open
a malicious .blend file. by design, blend files support
all python operations, so ultimately any code can be executed

EPSS

Процентиль: 88%

0.03852

Низкий

Связанные уязвимости

CVE-2009-3850

ubuntu

около 16 лет назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

CVE-2009-3850

nvd

около 16 лет назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

GHSA-cfxm-x8mw-xvmf

github

больше 3 лет назад

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

EPSS

Процентиль: 88%

0.03852

Низкий