CVE-2009-4850 Information
Description
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Reference
http://osvdb.org/60049 http://secunia.com/advisories/35764 http://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurl http://www.metasploit.com/modules/exploit/windows/browser/awingsoft_winds3d_sceneurl http://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb http://www.metasploit.com/redmine/projects/framework/repository/revisions/7518/entry/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb https://exchange.xforce.ibmcloud.com/vulnerabilities/58573 winds3d-sceneurl-command-execution(58573)
Share on: