Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2386

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-2386
Last Modified 13 Jul 2009 12:00:00
Published 10 Jul 2009 11:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2386

Summary

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

Vulnerable Systems

Application

  • Awingsoft Awakening Winds3d Viewer Plugin 3.0.0.5

  • Awingsoft Awakening Winds3d Viewer Plugin 3.5.0.0


References

VUPEN - ADV-2009-1834

BID - 35595

MISC - http://www.coresecurity.com/content/winds3d-viewer-advisory

SECUNIA - 35764


Last Updated: 27 May 2016 10:50:52