CVE-2009-2386

Awingsoft Awakening Winds3D Viewer <3.5.0.0-<3.0.0.5 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2386. PoCs published by Diego Juarez.

AI-analyzed exploit summary The provided text describes a vulnerability in Winds3D Viewer that allows malicious files to be downloaded and executed within the context of the affected browser plugin. The vulnerability affects versions 3.5.0.0 and 3.5.0.5, with potential impact on other versions.

Description

Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Diego Juarez · textremotemultiple
https://www.exploit-db.com/exploits/33067

The provided text describes a vulnerability in Winds3D Viewer that allows malicious files to be downloaded and executed within the context of the affected browser plugin. The vulnerability affects versions 3.5.0.0 and 3.5.0.5, with potential impact on other versions.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Winds3D Viewer 3.5.0.0, 3.5.0.5
No auth needed
Prerequisites: Victim must have Winds3D Viewer plugin installed · Victim must visit a malicious webpage or download a malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35595
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1834
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35764

Scores

EPSS 0.0512
EPSS Percentile 91.3%

Details

CWE
CWE-20
Status published
Products (2)
awingsoft/awakening_winds3d_viewer_plugin 3.0.0.5
awingsoft/awakening_winds3d_viewer_plugin 3.5.0.0
Published Jul 10, 2009
Tracked Since Feb 18, 2026