Release DateDec 22, 2009 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a command-execution vulnerability in DAZ Studio.The vulnerability is caused by an error when the vulnerable software handles a malicious .ds script. It allows a remote attacker to execute arbitrary code via sending a crafted .ds script. |
Affected ProductsDAZ Studio 2.3.3.161DAZ Studio 2.3.3.163 DAZ Studio 3.0.1.135 Other older versions are possibily affected too |
Recommended ActionsCurrently we are not aware of any officially supplied patch for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-4148 |
Reference/shttp://www.securityfocus.com/bid/37176 (BugTraq) |
