CVE-2026-0662
Autodesk · 3ds Max
Autodesk 3ds Max is vulnerable to arbitrary code execution via an Untrusted Search Path flaw when opening a maliciously crafted project directory.
Executive summary
Opening a malicious project directory in Autodesk 3ds Max can lead to the execution of arbitrary code, potentially compromising the user's entire system.
Vulnerability
This is an Untrusted Search Path vulnerability. When a user opens a specially crafted ".max" file or project directory, the application may load and execute a malicious DLL or script that an attacker has placed in that directory. The loaded code runs in the context of the current process.
Business impact
Successful exploitation allows an attacker to gain the same permissions as the local user, leading to data theft, malware installation, or persistent access to the workstation. In a corporate environment, this could be used as an entry point for lateral movement. The CVSS score of 7.8 reflects the high impact of local code execution.
Remediation
Immediate Action: Update Autodesk 3ds Max to the latest version and avoid opening project files or directories from untrusted or unknown sources.
Proactive Monitoring: Use Endpoint Detection and Response (EDR) tools to monitor for suspicious child processes spawned by 3ds Max (e.g., cmd.exe or powershell.exe).
Compensating Controls: Implement "Least Privilege" access models for workstations and use application whitelisting to prevent the execution of unauthorized binaries.
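The Proactive Monitoring check above can be expressed as a simple hunt over process-creation telemetry. The following is an added example, not vendor or EDR product code. It assumes events exported one JSON object per line with Sysmon-style `Image`, `ParentImage`, `CommandLine` and `User` fields, and that 3ds Max runs as `3dsmax.exe`; the sample records are constructed.

```python
import json
from pathlib import PureWindowsPath

# Assumption: 3ds Max runs as 3dsmax.exe; adjust to the binary name you deploy.
PARENT_NAMES = {"3dsmax.exe"}
# The two shells named in the advisory; extend per local policy.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}

def image_name(path):
    """Lower-cased file name of a Windows image path, '' if absent."""
    return PureWindowsPath(path).name.lower() if isinstance(path, str) else ""

def find_suspicious_children(lines):
    """Return process-creation events where 3ds Max spawned a listed shell."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the hunt
        if not isinstance(event, dict):
            continue
        parent = image_name(event.get("ParentImage"))
        child = image_name(event.get("Image"))
        if parent in PARENT_NAMES and child in SUSPICIOUS_CHILDREN:
            hits.append({"line": lineno, "child": child,
                         "user": event.get("User"),
                         "command_line": event.get("CommandLine")})
    return hits

# Constructed sample records (not real telemetry), one JSON object per line.
MAX = r"C:\Program Files\Autodesk\3ds Max\3dsmax.exe"
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": MAX,
     "CommandLine": "cmd.exe /c dir", "User": "LAB\\artist1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe", "User": "LAB\\artist1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE",
     "ParentImage": MAX.upper(), "CommandLine": "powershell.exe -NoProfile",
     "User": "LAB\\artist2"},
    {"Image": r"C:\Tools\helper.exe", "ParentImage": MAX,
     "CommandLine": "helper.exe", "User": "LAB\\artist2"},
)] + ["not-json"]

if __name__ == "__main__":
    for hit in find_suspicious_children(SAMPLE_EVENTS):
        print(hit)
```

Matching is on the file name only and is case-insensitive, so it still fires when 3ds Max is installed in a non-default location; tune the child list against legitimate plug-in or render-farm tooling before alerting on it.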
Exploitation status
Public Exploit Available: false
Analyst recommendation
Users and administrators should treat all external 3ds Max project files with caution. Applying the vendor-supplied patch is the only definitive way to mitigate this risk and should be performed across all design workstations immediately.