PT-2009-5859 · Autodesk · Autodesk Softimage
Published 2009-11-24 · Updated 2018-10-10 · CVE-2009-3576
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Autodesk Softimage versions 7.x
Autodesk Softimage XSI versions 6.x
Description
The issue allows remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script Content element. This can be demonstrated by code that loads the WScript.Shell ActiveX control.
Recommendations
For Autodesk Softimage version 7.x, update to a version that fixes this issue.
For Autodesk Softimage XSI version 6.x, update to a version that fixes this issue.
As a temporary workaround, consider restricting the use of scene packages from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Autodesk Softimage