CVE-2009-2386
Awingsoft Awakening Winds3D Viewer <3.5.0.0-<3.0.0.5 - Code Injection
Title source: llmDescription
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Diego Juarez · textremotemultiple
https://www.exploit-db.com/exploits/33067
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35595
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1834
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35764
Exploit x_refsource_misc
http://www.coresecurity.com/content/winds3d-viewer-advisory
Scores
EPSS
0.0534
EPSS Percentile
90.1%
Details
CWE
CWE-20
Status
published
Products (2)
awingsoft/awakening_winds3d_viewer_plugin
3.0.0.5
awingsoft/awakening_winds3d_viewer_plugin
3.5.0.0
Published
Jul 10, 2009
Tracked Since
Feb 18, 2026