CVE-2010-5105

Name of the Vulnerable Software and Affected Versions Blender versions 2.5 through 2.63a

Description The undo save quit routine in the kernel in Blender allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. This issue might be a regression of a previously known problem.

Recommendations For versions 2.5 through 2.63a, consider disabling the undo save quit routine as a temporary workaround until a patch is available. Restrict access to the quit.blend temporary file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.