CVE-2009-3578

Name of the Vulnerable Software and Affected Versions Autodesk Maya versions 8.0 through 2010 Autodesk Maya version 2008 Autodesk Maya version 2009 Alias Wavefront Maya version 6.5 Alias Wavefront Maya version 7.0

Description The issue allows remote attackers to execute arbitrary code via a .ma or .mb file that uses the Maya Embedded Language (MEL) python command or other MEL commands, related to Script Nodes.

Recommendations For Autodesk Maya versions 8.0 through 2010, consider disabling the use of MEL python commands in .ma and .mb files until a fix is available. For Autodesk Maya version 2008, avoid using Script Nodes in .ma and .mb files. For Autodesk Maya version 2009, restrict access to MEL commands to minimize the risk of exploitation. For Alias Wavefront Maya version 6.5, consider disabling the execution of MEL commands in .ma and .mb files. For Alias Wavefront Maya version 7.0, limit the use of Script Nodes to trusted sources.