Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-1792
Last Modified: 20 Mar 2012 12:00:00
Published: 29 May 2009 02:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-1792

Summary

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Vulnerable Systems

Application

  • Stonetrip S3dplayer Standalone 1.6.2.4

  • Stonetrip S3dplayer Standalone 1.7.0.1

  • Stonetrip S3dplayer Web 1.6.0.0


References

BID - 35105

BUGTRAQ - 20090528 CORE-2009-0401 - StoneTrip S3DPlayers remote command injection

MISC - http://www.coresecurity.com/content/StoneTrip-S3DPlayers

SECUNIA - 35256


Last Updated: 27 May 2016 10:50:40