cbcvebase.
CVE-2009-2386
published 2009-07-10

CVE-2009-2386: Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the…

PriorityP352critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.12%
91.3th percentile
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

Affected

6 ranges
VendorProductVersion rangeFixed in
awingsoftawakening_winds3d_player
awingsoftawakening_winds3d_player
awingsoftawakening_winds3d_viewer
awingsoftawakening_winds3d_viewer
awingsoftawakening_winds3d_viewer_plugin
awingsoftawakening_winds3d_viewer_plugin
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.