CVE-2010-20120
Maple <= v13 Maplet File Creation and Command Execution
Vexday Risk Score
36Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 8.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
26 abr 2010Exploit Metasploit disponível
21 ago 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Maplesoft · MapleReferências
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/maple_maplet.rbhttps://www.exploit-db.com/exploits/16308https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.HTTP:MISC:MAPLE-MAPLET-CMD-EXEC.htmlhttps://www.maplesoft.com/products/maple/https://www.vulncheck.com/advisories/maple-maplet-file-creation-command-execution