CVE-2009-3576

Autodesk Softimage 7.x and Softimage XSI 6.x - Remote Code Execution via Scene Table of Contents Script_Content Element

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3576. PoCs published by Diego Juarez, Core Security.

AI-analyzed exploit summary This exploit leverages a PostLoadScript in Autodesk Softimage to execute arbitrary code via JScript. It downloads and executes a payload (putty.exe) from a remote URL using ActiveX objects, demonstrating remote code execution.

Description

Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Diego Juarez · remotewindows

https://www.exploit-db.com/exploits/33273

View Code ZIP pw:eip

This exploit leverages a PostLoadScript in Autodesk Softimage to execute arbitrary code via JScript. It downloads and executes a payload (putty.exe) from a remote URL using ActiveX objects, demonstrating remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Autodesk Softimage (version not specified)

No auth needed

Prerequisites: Victim must open a malicious Softimage file containing the PostLoadScript

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Core Security · textlocalwindows

https://www.exploit-db.com/exploits/10211

View Code ZIP pw:eip

This advisory describes a vulnerability in Autodesk SoftImage where a specially crafted .scntoc XML file can execute arbitrary commands via embedded JScript. The PoC demonstrates downloading and executing a remote payload using ActiveX objects.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Autodesk Softimage 7.x, Autodesk Softimage XSI 6.x

No auth needed

Prerequisites: User interaction to open a malicious scene file

MITRE ATT&CK

T1059.007 - JavaScript T1106 - Native API

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.coresecurity.com/content/softimage-arbitrary-command-execution

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023229

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/508011/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36637

Scores

EPSS 0.0316

EPSS Percentile 86.3%

Details

CWE

CWE-94

Status published

Products (2)

autodesk/autodesk_softimage 7.0

autodesk/autodesk_softimage_xsi 6.0

Published Nov 24, 2009

Tracked Since Feb 18, 2026