CVE-2007-1253

EPSS 2.63%
Published 03.03.2007 20:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Blender ≫ Blender Version <= 2.42a

Blender ≫ Blender Version2.25

Blender ≫ Blender Version2.36

Blender ≫ Blender Version2.37a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.63%	0.843

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://osvdb.org/33836

http://secunia.com/advisories/24232

http://secunia.com/advisories/24233

http://secunia.com/advisories/24991

Vendor Advisory

http://secunia.com/secunia_research/2007-39/advisory/

Vendor Advisory

http://secunia.com/secunia_research/2007-40/advisory/

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200704-19.xml

http://www.securityfocus.com/bid/22770

http://www.securitytracker.com/id?1017714