QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4148

Published: Dec 4, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://www.coresecurity.com/content/dazstudio-scripting-injection

x_refsource_MISC

20091203 CORE-2009-0911: DAZ Studio Arbitrary Command Execution

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.