CVE-2009-4850
published 2010-05-07CVE-2009-4850: The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe…
PriorityP259critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
24.66%
97.6th percentile
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awingsoft | awakening_winds3d_viewer_plugin | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor browser plugin processes (IE ActiveX, Opera DLL, Firefox XPI) spawning child processes or downloading and executing .exe files via the SceneURL parameter of the Winds3D Player plugin. ↗
- →Inspect HTTP responses with Content-Type 'application/octet-stream' delivered to browser plugin processes associated with Winds3D Player, as the exploit serves the malicious EXE payload with this content type. ↗
- →Look for HTML pages embedding the Winds3D Player plugin (via <object> or <embed> tags) with a SceneURL property pointing to a remote .exe URL, as this is the delivery mechanism for the exploit. ↗
- ·The Metasploit module targets Windows only; exploitation requires the victim to be running Winds3D Player plugin version 3.5.0.9 on Firefox 3.5 or IE 8 on Windows XP SP3. ↗
- ·The exploit payload space is limited to 2048 bytes with a stack adjustment of -3500; payloads exceeding this space will not function correctly. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
exploitdb·2010-09-20
CVE-2009-4850 AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
AwingSoft Winds3D Player 3.5 - SceneURL Download and Execute (Metasploit)
---
##
# $Id: awingsoft_winds3d_sceneurl.rb 10389 2010-09-20 04:38:13Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'AwingSoft Winds3D Player 3.5 SceneURL Download and Execute',
'Description' => %q{
This module exploits an untrusted program execution vulnerability within the
Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for
IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL'
parameter to the URL to an executable, an
Metasploit
AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
metasploit
AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
This module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL' parameter to the URL to an executable, an attacker can execute arbitrary code. Testing was conducted using plugin version 3.5.0.9 for Firefox 3.5 and IE 8 on Windows XP SP3.
No writeups or analysis indexed.
http://osvdb.org/60049http://secunia.com/advisories/35764http://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurlhttp://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rbhttps://exchange.xforce.ibmcloud.com/vulnerabilities/58573http://osvdb.org/60049http://secunia.com/advisories/35764http://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurlhttp://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rbhttps://exchange.xforce.ibmcloud.com/vulnerabilities/58573
2010-05-07
Published