Description
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · text · local · windows
https://www.exploit-db.com/exploits/10295
References (3)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37176
Exploit x_refsource_misc
http://www.coresecurity.com/content/dazstudio-scripting-injection
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508192/100/0/threaded
Scores
EPSS
0.0186
EPSS Percentile
83.1%
Details
CWE
CWE-94
Status
published
Products (3)
daz3d/daz_studio
2.3.3.161
daz3d/daz_studio
2.3.3.163
daz3d/daz_studio
3.0.1.135
Published
Dec 04, 2009
Tracked Since
Feb 18, 2026