The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
Published 2010-05-07 18:30:01
Updated 2017-08-17 01:31:47
Source MITRE
Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2009-4850

Probability of exploitation activity in the next 30 days: 87.52%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 %

Metasploit modules for CVE-2009-4850

  • AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
    Disclosure Date: 2009-11-14
    First seen: 2020-04-26
    exploit/windows/browser/awingsoft_winds3d_sceneurl
    This module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL' parameter to the URL to an executable, an a

CVSS scores for CVE-2009-4850

Base Score: 9.3
Base Severity: HIGH
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability Score: 8.6
Impact Score: 10.0
Score Source: NIST

CWE ids for CVE-2009-4850

References for CVE-2009-4850

Products affected by CVE-2009-4850
