Description
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Core Security · textlocalwindows
https://www.exploit-db.com/exploits/10213
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.coresecurity.com/content/maya-arbitrary-command-execution
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023228
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36636
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508013/100/0/threaded
Scores
EPSS
0.0736
EPSS Percentile
91.7%
Details
CWE
CWE-94
Status
published
Products (4)
autodesk/alias_wavefront_maya
6.5
autodesk/alias_wavefront_maya
7.0
autodesk/autodesk_maya
8.0 2008 (3 CPE variants)
autodesk/autodesk_maya
8.5 2008 (3 CPE variants)
Published
Nov 24, 2009
Tracked Since
Feb 18, 2026