CVE-2009-2386

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

Published: Jul 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2386
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
awingsoft / awakening_winds3d_viewer_plugin	3.0.0.5	3.0.0.5.x
awingsoft / awakening_winds3d_viewer_plugin	3.5.0.0	3.5.0.0.x

http://secunia.com/advisories/35764
http://www.coresecurity.com/content/winds3d-viewer-advisory
http://www.securityfocus.com/bid/35595
http://www.vupen.com/english/advisories/2009/1834

Vulnerability Database

291,049

CVE-2009-2386