CVE-2009-2386
published 2009-07-10CVE-2009-2386: Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the…
PriorityP352critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.12%
91.3th percentile
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awingsoft | awakening_winds3d_player | — | — |
| awingsoft | awakening_winds3d_player | — | — |
| awingsoft | awakening_winds3d_viewer | — | — |
| awingsoft | awakening_winds3d_viewer | — | — |
| awingsoft | awakening_winds3d_viewer_plugin | — | — |
| awingsoft | awakening_winds3d_viewer_plugin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v6wp-jmqx-8388: Heap-based buffer overflow in the WindsPlayerIE
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-4588 [CRITICAL] CWE-119 GHSA-v6wp-jmqx-8388: Heap-based buffer overflow in the WindsPlayerIE
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-v4x4-2fqj-xpmh: Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3
ghsa_unreviewed·2022-05-02
CVE-2009-2386 [HIGH] CWE-20 GHSA-v4x4-2fqj-xpmh: Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/35764http://www.coresecurity.com/content/winds3d-viewer-advisoryhttp://www.securityfocus.com/bid/35595http://www.vupen.com/english/advisories/2009/1834http://secunia.com/advisories/35764http://www.coresecurity.com/content/winds3d-viewer-advisoryhttp://www.securityfocus.com/bid/35595http://www.vupen.com/english/advisories/2009/1834
2009-07-10
Published