CVE-2009-4148

DAZ Studio <3.0.1.135 - RCE

Title source: llm

Description

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textlocalwindows

https://www.exploit-db.com/exploits/10295

View Code ZIP pw:eip

References (3)

[Exploit] http://www.coresecurity.com/content/dazstudio-scripting-injection

[Exploit] http://www.securityfocus.com/bid/37176

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/508192/100/0/threaded

Scores

EPSS 0.0166

EPSS Percentile 81.8%

Classification

CWE

CWE-94

Status draft

Affected Products (3)

daz3d/daz_studio

daz3d/daz_studio

daz3d/daz_studio

Timeline

Published Dec 04, 2009

Tracked Since Feb 18, 2026