CVE-2009-4850

Awingsoft Awakening Winds3d Viewer Plugin - Memory Corruption

Title source: rule
STIX 2.1

Description

The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16570
metasploit WORKING POC EXCELLENT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/awingsoft_winds3d_sceneurl.rb

References (5)

Scores

EPSS 0.6369
EPSS Percentile 98.4%

Details

CWE
CWE-119
Status published
Products (1)
awingsoft/awakening_winds3d_viewer_plugin 3.5.0.9
Published May 07, 2010
Tracked Since Feb 18, 2026