CVE-2009-1792

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:stonetrip:s3dplayer_standalone:1.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:stonetrip:s3dplayer_web:1.6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:stonetrip:s3dplayer_web:1.6.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:stonetrip:s3dplayer_standalone:1.6.2.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:03

Type Values Removed Values Added
References () http://secunia.com/advisories/35256 - () http://secunia.com/advisories/35256 -
References () http://www.coresecurity.com/content/StoneTrip-S3DPlayers - () http://www.coresecurity.com/content/StoneTrip-S3DPlayers -
References () http://www.securityfocus.com/archive/1/503887/100/0/threaded - () http://www.securityfocus.com/archive/1/503887/100/0/threaded -
References () http://www.securityfocus.com/bid/35105 - () http://www.securityfocus.com/bid/35105 -

22 Sep 2021, 14:22

Type Values Removed Values Added
CPE cpe:2.3:o:apple:mac_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Information

Published : 2009-05-29 18:30

Updated : 2024-11-21 01:03


NVD link : CVE-2009-1792

Mitre link : CVE-2009-1792

CVE.ORG link : CVE-2009-1792


JSON object : View

Products Affected

apple

  • macos

microsoft

  • windows

stonetrip

  • s3dplayer_web
  • s3dplayer_standalone

linux

  • linux_kernel
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')